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BY THOMAS HOFFMAN 
A strengthening U.S. economy | 
that’s fueling increased IT 
spending and creating a tighter 
labor market has led to mod- 
erate pay gains for technical 
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ECONOMY BILLIONS 
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trying a new approach, 


called application life-cycle 
management, to exterminate bugs 
throughout the development process, 


not just at the end. SEE ‘UP FROM A 
LOW-QUALITY QUAGMIRE,’ PAGE 23 


U.S. IT Wages Inch Up 
In Tight Labor Market 


workers such as application 
developers and database ad- 


ministrators, according to new 


research and interviews with 
IT executives last week. 
“There is a noticeable wage 
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increase” for technical skills, 


| 

| said David Myers, director of 
| project management at Solo 

| Cup Co. in Highland Park, Ill. 


Myers said he believes 
that the pay gains are the re- 


| sult of a general rise in IT cap- 
| ital spending, which has re- 

| sulted in more projects being 

| launched and a decreasing 


supply of available domestic 
IT labor. In addition, Myers 
cited rising labor costs at off- 
shore IT firms as a factor. 
Other IT ex- 


aria ecutives said 


they also have 
noticed a rise 
in labor costs 
within the U.S, 
IT Wages, 
page 56 
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HEWLETT-PACKARD: 


HP Plans Cuts; 
User Group 
Shuts Doors 


Hurd holds off on 


ae 


BY PATRICK THIBODEAU 
AND MATT HAMBLEN 


Mark Hurd, Hewlett- 
Packard Co.’s new CEO, 
last week broke the rela- 
tive silence about his 
plans for the company, an- 
nouncing a 10% workforce 
cut and the merging of 
HP's sales 
force into 


maces it 
Pee Mie 


gic 

Hurd and other HP offi- 
cials said the changes will 
make the company’s oper- 
ations more focused, in- 
crease its internal ac- 
countability and do no 
harm to its research and 

efforts. But 

the lack of details about 


interex, HP World 
hit by finance woes 


BY PATRICK THIBODEAU 
AND MATT HAMBLEN 

The end of the 100,000- 
member Interex user 
group and the HP World 
conference it was due to 
hold in August arrived 
suddenly last week. But 
the organization’s finan- 
cial collapse was months 
in the making. 

Most Interex members, 
who now find themselves 
without an educational, 
advocacy and support out- 
let, had no inkling of the 
problems facing the 31- 
year-old user group follow- 
ing Hewlett-Packard Co.’s 
decision to launch its own 
conference this year. 

For example, Rita Work- 

Interex, page 14 
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“At Nissan, we expect to save at least $135 million annually 
thanks to the efficiencies that Windows Server 2003 and 
Exchange Server 2003 are helping us achieve.” 


Toshihiko Suda 
Senior Manager, Nissan Motor Company, Ltd. 


Microsoft® . 


Windows 
Server System 


Make a name for yourself with Windows Server System. 
An upgrade to Microsoft Windows Server System 
made it possible for 50,000 worldwide employees 
at Nissan Motor Company to have more secure 
remote access to their e-mail and calendars 
from any Internet connection, without the hassle 
and expense of a VPN. Here's how: By deploying 
Windows Server 2003 and Exchange 2003, not only 
did Nissan IT meet the CEO’s demand for better global 
collaboration, they expect to save at least $135 million 
by streamlining their messaging infrastructure 
To get the full Nissan story or find a Microsoft 
Certified Partner, go to microsoft.com/wssystem 


Windows Server Systerr 
Server Platform 
Virtualization 
Data Management & An 
Communications Exchange Serve 
Portals & Collaboration Office SharePoint” Portal Server 
Integration BizTalk* Server 
Management Systems Management Server 
soft" Operatic 
Security Internet Security & Acceleration Server 


Plus other software products 
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how to provide millions of customers with a 
large selection, low prices and excellent service. 


It begins with your first visit to Amazon.com and continues through the arrival of every order. The unique 
online shopping experience you deserve, the selection you demand and the low prices that’‘kKeep you coming 
back again. and again. SAS is proud to provide the ola De ale and analytics software that aos 
Amazon:com keep costs low —.and pass savings. on On het sch een providing Seo lair a 
To Jearn;more about Amazon.com and other SAS success stories that go Beyond BI, call 1.866 270 5740 or 
Niisilael an i'(2) eNom 


Wwww.sas.com/amazon 
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CONTENTS 


Health Services 


In the Technology section: Health care 
organizations are using Web services to 
move information between systems and, 
ultimately, improve patient care, say IT 
professionals like Furrukh Khan (left) of 
the Ohio State Medical Center. Page 26 
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The 100-Year Archive Dilemma 


In the Management section: As more organizations store 
more data longer, a key issue for storage specialists, such 
as Adam Jansen of the state of Washington, is how to re- 
trieve that data in 10, 20 or 100 years, when data formats, 
software and hardware will be different. The IT industry 
says it’s working on the problem. Page 39 
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EMC moves up the release 
of two high-end Symmetrix 
arrays, which will offer as 
much as a half-petabyte of 
storage, sources say. 


IBM realigns its Global Ser- 
vices unit after the departure 
of top executive John Joyce. 


Several Web services proj- 
ects have been initiated to en- 
able business-to-business 
transactions. 


Sprint launches an assess- 
ment service to gauge com- 
panies’ mobile technology 
needs and strategies. 


0 Aproposed data-loss bill 


draws jeers from some IT 
managers. 


Visa, American Express cut 

ties with the data processing 
firm that exposed as many as 
40 million account numbers 

this past spring. 


jlobal Dispat Several 
African countries are looking 
for business process outsourc- 
ing dollars. 


> Business complaints about 
Sarbanes-Oxley are “short- 
sighted,” says a former SEC 
chief. 


A: A Microsoft exec talks 
about the company’s plans to 
sell services as products. 


A 911 emergency system in 
Massachusetts gets a restart 
after a software glitch resulted 
in a delayed response to an 
emergency call. 


: 23 Up From a Low-Quality 

Quagmire. Companies are 

: trying to exterminate soft- 

: ware bugs by paying more 

attention to the entire life 

: cycle of each application. 

32 Security Manager’s Journal: 
Getting Started on Database 
Security. CJ. Kelly takes a 


look at the security of her em- 
ployer’s information assets 
and realizes the application 
layer is the weak link. 


34 QuickStudy: RATs. Remote 
administration Trojans are 
pieces of malicious software 
that let intruders remotely 
control computers across 
a network or through the 
Internet. 
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42 Farewell to Fiefdoms. The 
Southern Co. was ahead of its 
time when it pioneered an IT 
shared-services concept 10 
years ago. Today, it’s reaping 
the benefits on the bottom 
line and in the career paths of 
its CIOs. 


: 44 Managers’ Forum: Read the 

: debut of Paul Glen’s advice 
column, in which he answers 
readers’ questions about the 
art and craft of management. 
One reader asks how to man- 
age a CIO who has a bad case 
of “rock-star-itis.” 


46 Career Watch: We look at the 
hiring prospects for tempo- 
rary IT workers. Plus, a new 
study reveals a bright outlook 
for hiring in the third quarter. 


. 
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8 On the Mark: Mark Hall re- 


ports on new tools designed 


to help enforce access policies 


and block the distribution of 
sensitive data via mobile de- 


vices that move in and out of 


IT’s control. 


20 Don Tennant looks at last 
week’s events involving HP, 


Interex and HP World and de- 
cides that it’s even more criti- 
cal for HP’s CEO to show up at 
the company’s user conference. 


20 Dan Gillmor wonders if the 


Microsoft antitrust settlement 


led Intel to believe it had a 


free pass to monopolistic be- 


havior. 


David Bowes recalls that the 
best IT training he ever got 
came on the factory floor. 


36 Mark Willoughby thinks agile 


programming may represent 
a disruptive technology for 
software development. 


48 Stefan Steurs says the emerg- 
ing global village brings bene- 
fits as well as trauma, but only 


for those who embrace it. 


58 Frankly Speaking: Frank 


Hayes doesn’t buy the idea that 
watching how slackers misuse 


the Internet at work will im- 
prove worker productivity. 
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From the Front Lines of 

An Outsourcing Deal 

IT MANAGEMENT: Gerardo Estrada made 
the transition from Procter & Gamble to 
Hewlett-Packard, and then he moved 

from Mexico to Costa Rica. Based on those 
experiences, he’s got some advice for IT 
managers overseeing similar transitions. 


© QuickLink 55532 

Options for Modernizing 
DEVELOPMENT: Joseph Gentry of Software 
AG explains the benefits of preserving and 
extending applications instead of ripping 


and replacing them, and he details four ways 
to do so. @ QuickLink 55605 


Priceline Turns to Utility Storage 
STORAGE: Priceline.com CIO Ron Rose 
credits his flexible storage environment 
for multiple benefits, including high avail- 
ability, in this interview with Storage Net- 
working World Online. @ QuickLink a6710 


Secrets of Superspies 

WEBCAST: In this video presentation, securi- 
ty expert and author Ira Winkler describes 
actual acts of espionage, including those that 
he committed, to demonstrate the most cost- 
effective security programs for large organi- 
zations. @ QuickLink a6690 


ONLINE 
DEPARTMENTS 
Breaking News 

@ QuickLink 21510 
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AT DEADLINE 


Microsoft Buys 
E-mail Managed 
Services Firm... 


Microsoft Corp. has agreed to ac- 
quire FrontBridge Technologies 
Inc. in an effort to bolster its man- 
aged services and messaging se- 
curity business. FrontBridge pro- 
vides managed services for e-mail 
security, compliance and avail- 
ability. The 160-employee firm 
will become part of Microsoft’s 
Exchange Server group when the 
deal closes, likely in September. 
Terms weren't disclosed. 


... And Is Fueled by 
Server, Tool Sales 


In other Microsoft news, the com- 
pany posted solid growth for its 
fiscal 2005 fourth quarter, high- 
lighted by sales of server software 
and development tools. 


MICROSOFT BY THE NUMBERS 


SAP Profit, Revenue 
Rise on ERP Sales 


SAP AG reported a rise in net in- 
come and revenue for the second 
quarter, driven by increased sales 
of its ERP software in Asia and 
the Americas. 


SAP BY THE NUMBERS 


yA yes] 
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Short Takes 


CHOICEPOINT INC. took a $6 mil- 
lion second-quarter charge to 
cover costs related to the theft 
of the personal information of 
145,000 consumers earlier this 
year. ... MICROSOFT announced 
that it has chosen an official 
name for its upcoming operating 
system, code-named Longhorn. 
The new name is Vista. . . . BUSI- 
NESS OBJECTS SA has agreed to 
buy performance management 
software maker SRC SOFTWARE 
INC. for $100 million in cash. 


| offer up to halfa 


| capacity, quadruple cache and 
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Symmetrix 7 May Get Early Launch 


EMC arrays to 


petabyte of storage | 
BY LUCAS MEARIAN 
MC CoRP. today will 
unveil two new ver- 
sions of its high-end 
Symmetrix array that 
will more than triple storage 


double internal and external 
throughput of its previous of- 
ferings, sources said. 

The arrays, however, aren’t 
expected to offer virtualiza- 
tion capabilities or the ability 
to combine management of 
Symmetrix and midrange 
Clariion systems, a feature 
users are clamoring for. 

The seventh generation 
of Symmetrix, or Symm 7, is 
nonetheless expected to raise 
the bar in the storage industry 
by offering up to half a peta- 
byte of storage and mirrored 
cache for up to 1TB of memory. 

The Symm 7 announcement 
comes months ahead of the 
expected introduction of the 
arrays this fall. 

EMC last week was coy 





about its plans, but said it 
would make “one of its most 
important announcements for 
2005” today. 

During an earnings call last 
Thursday, Joe Tucci, CEO of 
the Hopkinton, Mass.-based 
vendor, said, “My marketing 
team has definitely instructed 
me to not teil you [today’s 
event] will be for the launch 


of Symm 7.” 


In a report last week, Shebly 
Seyrafi, an analyst at Merrill 
Lynch & Co., said the new 
DMxX 3500 and 4500 arrays are 
expected to sport 4Gbit/sec. 
Fibre Channel ports on the 
front end and internal through- 
put speeds of 160GB/Sec. In 
comparison, the DMX 3000 
has throughput of 64GB/Sec. 

According to the report, the 
DMX 3500 will hold up 1,440 
disk drives for 432TB of stor- 
age capacity, and the DMX 
4500 will have up to 1,920 
drives for 576TB of capacity. 
In comparison, the DMX 3000 
has a capacity of 172TB. 

John Halamka, CIO at Care- 
Group Healthcare System in 
Boston, said he expects EMC to 
develop closer links between 





| expect 


C5 everything 


to be faster, bigger 
and cheaper as 
time goes on. 
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LEV KATZ, DATA CENTER MANAGER, 
MIDAMERICA BANK FSB 


its Symmetrix and Clariion 
products over the long term. 

Halamka said he believes 
that a system for combined 
management of Symm 7 and 
Clariion hardware will be 
based on future upgrades to 
both the storage software 
management platforms and 
firmware-based replication. 

It isn’t surprising to Halam- 
ka that Symm 7 doesn’t in- 
clude these features. “We nev- 
er expected firmware replica- 
tion between Clariion and 
Symm at this time,” he said. 
“We would expect improve- 
ments in storage management 
tools to evolve under a new 
applications framework” that 
would link Symmetrix, Clari- 
ion and third-party arrays. 

Halamka said his IT team 
members “favor the look and 


feel of Clariion’s Navisphere 
management tools versus 
Symmetrix’s Control Center.” 

Lev Katz, data center opera- 
tions manager at MidAmerica 
Bank FSB in Naperville, Ill. 
said he’s looking for more 
Navisphere-like functionality 
in Control Center than is ex- 
pected today. 

Katz, who uses both Sym- 
metrix and Clariion arrays, 
said more hard-drive space 
doesn’t impress him because 
“T expect everything to be 
faster, bigger and cheaper as 
time goes on.” 

However, he said the mir- 
rored cache does impress him, 
“because that’s a technology 
breakthrough” for EMC. Katz 
wants EMC, first and fore- 
most, to improve the granular- 
ity of the management fea- 
tures on the Symmetrix. 

Seyrafi said that although 
EMC has been emphasizing its 
midrange Clariion line and 
software, the high-end Sym- 
metrix array and related soft- 
ware and services still repre- 
sent EMC’s “largest revenue 
component,” accounting for 
40% of revenue. @ 55736 








IBM Services 


Several personnel 
moves announced 


BY STACY COWLEY 
IBM last week said it is reor- 
ganizing its Global Services 
business and has chosen a pair 
of executives to replace the 
group’s leader, John Joyce. 
Joyce, a 30-year veteran of 
IBM who once served as its 
chief financial officer, is joining 
Silver Lake Partners, a private 
technology investment firm. 
Taking charge of IBM Glob- 
al Services will be Ginni 
Rometty, senior vice president 
of enterprise business ser- 
vices, and Mike Daniels, 
senior vice president of IT 
services. The two will report 
to IBM CEO Sam Palmisano. 





Charles King, an analyst at 


Head Leaves Amid Reorg 


Pund-IT Research in Hayward, 
Calif., said the dual manage- 
ment structure makes sense 
for the Global Services busi- 
ness, which he called a “behe- 
moth within a behemoth.” 

“T think the idea of dividing 
it into disparate organizations 
makes a good deal of sense,” 
he said. 

An IBM spokesman said the 
moves were not made in re- 
sponse to problems in the ser- 
vices business. Although the 
unit fell short of expectations 
in the first quarter, it appears 
to have righted itself since. 
Global Services boosted its 
contracted backlog by $3 bil- 
lion year over year in the sec- 
ond quarter. 

The spokesman said the re- 
aligned services group will fo- 
cus more heavily on “high val- 





ue” skills, like those in the 
Business Consulting Services 
(BCS) group IBM formed 
around its acquired Price- 
waterhouseCoopers Consult- 
ing practice. Rometty previ- 
ously ran BCS. 

Daniels, who joins Rometty 
at the helm of Global Services, 
previously ran sales for IBM 
Americas. He will be replaced 
in that role by Marc Lauten- 
bach, who was general manag- 
er of IBM’s small- and mid- 
size-business efforts. 

IBM’s new structure also 
spotlights executive Bob Mof- 
fat, who was named senior 
vice president of integrated 
operations. 

At the same time, IBM said 
that Janet Perna, general man- 
ager of the information man- 
agement unit, plans to retire 





after more than two decades 
with the company. Her job will 
go to Ambuj Goyal, general 
manager of IBM’s Workplace, 
Portal and collaboration soft- 
ware division. 

In another executive move, 
IBM promoted Nicholas 
Donofrio to executive vice 
president of technology and 
innovation. He will oversee a 
number of areas, including 
IBM’s famed research group. 

Keeping IBM Global Ser- 
vices running smoothly is a 
priority for the company, 
which has reshaped itself in 
the past decade around the 
services business. Prudential 
Equity Group LLC analyst 
Steve Fortuna praised Global 
Services as a gem that’s under- 
appreciated by Wall Street. 
@ 55739 


Cowley writes for the IDG 
News Service. 
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Web Services Mature, See 
More B2B Transaction Use 


Companies launch 
projects to link to 
business partners 


BY HEATHER HAVENSTEIN 
Buoyed by improved technol- 
ogy and maturing standards, 
many IT operations are ramp- 
ing up efforts to extend the 
use of Web services from ap- 
plication integration projects 
to ones involving business-to- 
business transactions. 

For example, Starwood Ho- 
tels & Resorts Worldwide Inc., 
this month purchased Web 
services management tools in 
preparation for a major devel- 
opment project that’s due to 
begin this fall. 

Starwood plans to move its 
loyalty business application 





and its core IT system — a 
reservation and booking en- 
gine — off its mainframe, said 
Tom Conophy, chief technolo- 
gy officer at the White Plains, 
N.Y.-based company. 

The project is part of a 
4-year-old effort to migrate 
from mainframe-based sys- 
tems to distributed hardware 
running Linux and Unix. The 
new IT platform will include a 
services layer to expose busi- 
ness logic to Starwood’s call 
centers and its partners in the 
sales channel and other areas. 

By March 2006, Starwood 
plans to begin moving its 700 
hotels to the new reservation 
system while boosting the 
number of Web services it has 
in production from 60 to 150. 

Conophy said Starwood will 





use a Web services broker and 
a centralized control console 
tool from Actional Corp. in 
Mountain View, Calif., to re- 
place homegrown tools cob- 
bled together two years ago. 

“We wanted better automa- 
tion to track performance of 
services, the latency of ser- 
vices and to tell us if some- 
thing is outside of the norm so 
we could take action on it,” 
Conophy said. 


| Savings Anticipated 


| Migrating the reservations ap- 


plication off the mainframe 
will cost between $10 million 
and $60 million, Conophy 
said. In the end, however, he 
expects the entire mainframe 
migration to net $10 million to 
$20 million in annual savings. 


Sprint Offers to Gauge Mobile Needs, 
Strategies With Assessment Service 


Early user looks 
to lower costs, 
boost IT’s control 


BY MATT HAMBLEN 
Sprint Corp. today will launch 
a service through which it 
will assess companies’ mobile 
technology needs and offer 
them advice on managing 
handhelds, cell phones, sup- 
porting software and their 
wireless service plans. 

Sprint will price its Mobile 
Business Assessment (MBA) 
service at $50,000 to $70,000 
for engagements that last four 
to eight weeks, making the 
commitment far less expen- 
sive than full-fledged profes- 
sional services contracts are, 
said Scott Boehmer, general 
manager of the vendor’s Mo- 
bile Business Solutions unit. 

Sprint will be agnostic 
about wireless products and 
services, Boehmer said, 
promising that MBA isn’t de- 





signed to push its own offer- 
ings. The vendor will send 
teams of consultants into com- 
panies to interview employees 
and analyze mobile installa- 
tions and corporate policies. It 
will then produce reports and 
provide advice on developing 
long-term mobile strategies 
and lowering costs. 

Sprint recently finished a 
pair of assessments for Carl- 
son Companies Inc. at a 
combined cost of less than 
$100,000, said Brian Vik, direc- 
tor of telephony solutions at 
the Minneapolis-based hospi- 
tality and travel company. The 
assessments involved inter- 
views with 92 employees in 15 
business units, plus a review 
of mobility policies and 
monthly expense records. 

Vik said Sprint found that 
Carlson was spending more 
than $4 million annually on 
mobile technology and ser- 
vices. It made recommenda- 
tions that could drive those 





costs down by 35% and help 
Carlson make better use of 
mobile technology, he added. 

“We found in the assess- 
ments that we were very unor- 
ganized with our wireless ap- 
proach, whether it be using 
cell phones or BlackBerries,” 
Vik said. He noted that Carl- 
son’s current approach is 
based on the personal prefer- 
ences of end users instead of 
a corporate plan. “We need 
policies,” he said. 


44 We found... 
that we were 
very unorganized 
with our wireless 
approach, whether it 


BRIAN VIK, DIRECTOR, TELEPHONY 
SOLUTIONS, CARLSON COMPANIES 
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Wide inte ale 


| ufacturers. 


How do you envision using 
Web services within your 
organization in the next year? 


Internal application 
integration 
Integration with part- 
ners and customers 


Building composite 
applications 


We don't plan to 
use Web services in 


Base: Survey of 200 IT and business managers 

Respondents cour choose ail that applied. 

Stratus Technologies Inc., 
a maker of fault-tolerant 
servers, last month went into 
production with a Web ser- 
vices business-to-business 
system that replaced its pro- 
prietary system for managing 
invoicing, order confirmation 


Carlson hopes to implement 
Sprint’s recommendations 
over the next six to 18 months. 
One decision already made 
following the assessments was 
to name an executive sponsor 
of the mobility program. Carl- 
son chose its vice president of 
human resources to handle 
the chore of “sending a tough 
message” that all mobile de- 
vices used by workers need to 
be bought and controlled by 
the company, Vik said. 

Only about half of the 3,500 
or so devices now used by 
Carlson’s workers are owned 
by the company. Going for- 
ward, if an employee’s job re- 
quires a device such as a smart 
phone or a BlackBerry, “we 
will pay [the cost] because the 
function requires it,” Vik said. 

Sprint’s program is unique 
among network carriers, said 
Gene Signorini, an analyst at 
The Yankee Group in Boston. 
Signorini said Sprint “has to 
come into a company with a 
technology-agnostic approach 
or they won’t have credibility.” 
But, he added, users shouldn’t 
forget that MBA “opens up the 
opportunity for Sprint to sell 
other services.” @ 55741 





and shipment document ex- 
changes with its contract man- 


Maynard, Mass.-based Stra- 


| tus used an enterprise service 
| bus (ESB) from Waltham, 
| Mass.-based Cape Clear Soft- 


ware Inc. to replace a messag- 
ing system that directly ex- 


| changed data between its own 


ERP system and those of its 
manufacturers. 
Cecelia LeBlanc, IS manager 


| at Stratus, said the company 

| expects the ESB to lower 

| maintenance costs by 70% and 
| boost productivity by 20%. 


| Escaping the Enterprise 


Vendors, meanwhile, have 


| been enhancing their tools to 
| support Web services outside 


the enterprise. 
Earlier this month, SOA 
Software Inc. in Santa Monica, 


| Calif., announced a new ver- 
| sion of its XML VPN Web ser- 
vices tool set that added sup- 


port for digitally signing mes- 


| sages. And Oracle Corp. un- 

| veiled an integrated business 
| process platform designed to 
| help companies secure and 


manage internal or external 


| Web services. 


Ron Schmelzer, an analyst at 


| ZapThink LLC in Waltham, 
| Mass., said the use of Web ser- 


vices for external transactions 
is reaching a tipping point, as 


| vendors beef up their prod- 
| ucts to address critical chal- 


lenges such as services or- 


| chestration and security based 
| on maturing standards. 


Thomson Learning, a pro- 
fessional and academic testing 
company in Stamford, Conn., 
has finished a project under- 
taken with its business part- 
ners to develop a system that 
uses Web services to schedule 
tests and transmit scores. 

This month, the company 
will begin working on a sys- 
tem to manage the identity 
verification process in its 
business-to-business trans- 
actions. The goal is to make it 
possible for its partners to eas- 
ily pass through various Web 
services as a back-end security 


| token server automatically 


verifies end-user identities, 

said Christopher Crowhurst, 
Thomson vice president and 
principal architect.@ 55733 





8 COMPUTERWORLD July 25, 2005 


Intel Unveils Pair of 
Itanium 2 Chips 


Intel Corp. has taken the wraps 
off two new Itanium 2 processors 
that should tide the company over 
until the expected launch of its 
first dual-core Itanium processor 
later this year. intel said that it 
added two 1.66-GHz Itanium 2 
processors that are notable be- 
cause they each have a 667-MHz 
front-side bus, which provides a 
faster link between the CPU and 
the system’s main memory. 


IBM’s Results 
Return to Form 


IBM returned to financial form in 
the second quarter, reporting in- 
come growth and solid revenue 
after scaring financial analysts by 
falling short of expectations in its 


IBM BY THE NUMBERS 


i2 Stock Is Back on 
Nasdaq Exchange 


After a two-year hiatus, shares of 
i2 Technologies inc. stock can be 
traded on the Nasdaq Stock Mar- 
ket. The Dallas-based vendor said 
that the Nasdaq Listing Qualifica- 
tions Panel agreed to jet i2 com- 
mon stock return to the exchange 
late last week. New York-based 
Nasdaq began delisting efforts 
against i2 in late March 2003. 
Since May 2003, i2 stock has 
traded on the National Quotation 
Service Bureau. 


Lucent Profit Down, 
But Sales Up 7% 


Lucent Technologies Inc. reported 
a decline in profit for its third fis- 
cal quarter, although strong sales 
of third-generation mobile net- 
work gear helped boost revenue. 


LUCENT BY THE NUMBERS 
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The Security Cliff... 


. ..on your network edge. With PDAs, smart phones, 
USB fobs, laptops and other portable devices attach- 
ing to and detaching from your network at will, you 
need to heed warnings that crucial corporate data 
might slip by your firewalls, intrusion-detection 


systems and user 
authentication proc- 
esses. “IT managers 
have been totally 
blindfolded with re- 
gard to the security of 
endpoints,” argues Gil 
Sever, CEO of Safend 
Ltd. in Tel Aviv. In 
early September, the 
company hopes to 
remedy part of the 
problem with its new Safend 
Protector software. The tool 
includes client-side code for 
Windows-based systems that 
enforces device access poli- 
cies at the corporate, depart- 
mental or individual level. 
For example, you can restrict 
a laptop’s ability to print to 
different printers based on its 
location or serial number. Or 
you can allow end users to 
read from USB thumb drives 
but not write to them. When 
you install Protector or 
change access policies, you 
need not reboot your PCs, 
Sever says. Pricing will start 
at $32 per seat, and volume 
discounts are available. 
While many of you manage 
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mobile workers 
whose pockets are 
stuffed with all man- 
ner of messaging and 
Web-ready gadgets, 
some of you oh-so- 
lucky ones get to sup- 
port countless con- 
sumers accessing 
your systems with an 
even wider array of 
digital devices. How 
do you know the person who 
just downloaded her stock 
portfolio to a Palm device is 
who she says she is? A static 
ID and password, perhaps? 
Stu Vaeth, chief security offi- 
cer at Diversinet Corp. in 
Toronto, thinks that isn’t 
enough. His company’s Mobi- 
Secure software lets you dy- 
namically provision pass- 
words to mobile devices via 
soft tokens. The tiny app runs 
on BlackBerry, Java, Palm, 
Symbian and Windows CE 
handhelds and is accessed via 
a PIN. It calls a back-end se- 
curity application to verify 
the device so the user can 
then sign in. VeriSign Inc. 
liked MobiSecure enough to 





plan field tri- 
als for later 
this summer 
with the in- 
tention of 
rolling out 
the software 
in the fall as 
part of its 
United Au- 
thentication 
technology. 
Diversinet also hopes to sell 
MobiSecure through other 
vendors, Vaeth says. 

The treacherous network 
edge is made even scarier by 
malicious or incompetent end 
users who can easily access 
and distribute confidential in- 
formation. According to Steve 
Roop, vice president of mar- 
keting at Vontu Inc. in San 
Francisco, 68 security breach- 
es had been made public 
this year through mid-July, 
prompted partly by Califor- 
nia’s data breach disclosure 
law. Of the 64 incidents in 
which the source of the data 
leak has been identified, 

49% were caused by insiders, 
Roop says. He claims the 
Vontu 5.0 security software 
suite, which is due to ship by 
the end of September, can 
vastly reduce your chances of 
getting burned by your end 
users. A new module called 
Vontu Discover crawls 
through your network looking 
for more than 200 file types 
that may contain private data. 
Roop says the software can 
take a “fingerprint” of infor- 
mation you want to secure — 
customer data, source code, 
chemical formulas — and look 
for exact matches on storage 
devices throughout a global 
network. Vontu’s tools then 
block the unauthorized send- 
ing of such data via e-mail, 
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HOT TECHNOLOGY TRENDS, NEW PRODUCT 
NEWS AND INDUSTRY BUZZ BY MARK HALL 


FTP or other means. Pricing 
for the suite will start at 
$100,000. 


Terminal-emulation 
market is not... 

. .. in terminal condition. So 
says Zvi Alon, CEO of Net- 
Manage Inc. in Cupertino, 
Calif. Alon continues to pock- 
et cash by selling 3270, 5250 
and other hoary terminal- 
emulation programs. “Com- 
panies are buying them in the 
tens of thousands all the 
time,” he says. That’s because 
when companies upgrade 
their desktop machines, they 
generally need new software, 
including terminal emulators. 
The so-called webification of 
Cobol-laden mainframe ap- 
plications hasn’t hurt his 
business a bit, Alon says, 
claiming that barely 5% of 
mainframe apps can be ac- 
cessed by a browser. NetMan- 
age does have tools to help IT 
migrate mainframe programs 
for browser access. But a big- 
ger market, Alon suggests, is 
integrating corporate apps 
into overall business process- 
es. To that end, he hints that 
by year’s end, NetManage 
will deliver an application- 
development framework that 
lets programmers use scripts 
to link mainframe and non- 
mainframe apps in business 
or service processes. 


Word users get on 

the XML content. . . 

. .. Management road with a 
free patch from Astoria Soft- 
ware Inc. in San Mateo, Calif. 
An update to Astoria XML 
Content Management Plat- 
form 4.4 lets Word users 
check documents in and out 
of the vendor’s content repos- 
itory and follow the work- 
flows of documents. Accord- 
ing to Joe Eschbach, Astoria’s 
vice president of marketing, 
end users won't have to learn 
new content-authoring tools 
such as XML-ready Frame- 
Maker or Epic. The patch 
ships by July 29. @ 55695 








—s 


= = /S< Choose and receive any of these 3APC sl al 
Sinieis thaw” white papers within the next 90 days for FREE!" 
and receive —-— ie OO White Paper #40 “Cooling Audit for Identifying Potential Cooling Problems in Data Centers” 
any of these 3 valuable 0 White Paper #42 “Ten Steps to Solving Cooling Problems Caused by High Density Server Deployment” 
. a8 O White Paper #117 “Network-Critical Physical Infrastructure: Optimizing Business Value” 
| APC white papers within - | aii 
| the next 90 days for FREE! TYE! ree sine mye pes. DINO, eet ase ee c919x 


| Key Code What type of availability solution do you need? 
| http://promo.apc.com c919x CI UPS: 0-16KVA (Single-phase) CUPS: 10-80KVA (3-phase AC) CI UPS: 80+ kVA (3-phase AC) CO) DC Power 
. CI Network Enclosures and Racks (Precision Air Conditioning (Monitoring and Management 
(888) 289-APCC x3438° FAX: (401) 788-2792 O\Cables/Wires C Mobile Protection ( Surge Protection (UPS Upgrade OC Don't know 
Purchase timeframe? (1) <1 Month ©) 1-3Months (13-12Months (1Yr Plus OC Don't know 
You are (check 1): (1 Home/Home Office ( Business (<1000 employees) OC) Large Corp. {>1000 employees) 


Arc CO Gov't, Education, Public Org. CO APC Sellers & Partners 


Legendary Reliability” 


1 OWnE XAM4EE . a pport@apc 





BUSINESS REPLY MAIL 


FIRST-CLASS MAIL PERMIT NO. 36 WEST KINGSTON Ri 
POSTAGE WILL BE PAID BY ADDRESSEE 


Arc 


KEY CODE: c919x 

Department: B 

132 FAIRGROUNDS ROAD 

PO BOX 278 

WEST KINGSTON RI 02892-9920 


NO POSTAGE 
NECESSARY 
IF MAILED 
IN THE 
UNITED STATES 


How to Contact APC 


Call: (888) 289-APCC 


use the extension on the reverse side 


Fax: (401) 788-2792 
Visit: http://promo.apcc.com 


use the key code on the reverse side 


Arc 


Legendary Reliability® 





TOUR NTE eRe CAMEL 


NCAP UGA ITIC AMC TCMS TIOGA UMTS SMOLM CTI Mme TICUM CUCU CONTY 


——— 


ee 
—— eee Ree Ret 


Te ma 
in-row aw conditione = 


as 
TS Ur 
Unit (PDU) ha 


Now you can quickly deploy a 
standard- or high-density site of any size What is 


with scalable, top-tier availability. v data center 


Part Usable Average Price Price to lease on demand? 
Number ITRacks kW per Rack to buy (36 installments) Al] multi-rack configurations feature: 


SKeRISYI6Kt6eS 1 = uptoSkW "14,999 s4ggr |, N+ power and cooing | 
J Secure, self-contained environment Infra Stru ure 


ISXT240MD6R 6 up to5kW 149,999" 4,999" ao Peak capacity of 20kW per rack 


J Enhanced service package 


ON DEMAND 


ISXT240MD11R 11 up to5kW £249,999 7,999" 


J Integrated management software 


ISXT280MD40R 40 up toSkW 699,999" 21,999" 
isxT2s00M0100R +100 uptoSkW 1,649,999" %50,999" 


High Density Configuration (shown above) 
ISXT280HD8R 8 up to 10kW 399,999" *%12,999" 


High density upgrades start at *10,999 InfraStruXure” Manager 
On-site power generation options start at 29,999 


ceatany Ante oe 
sere Patent 


Visit today and receive FREE APC White Papers 


Visit us online and download APC White Papers 


i Don’t see the configuration you need? 
Try APC's online InfraStruXure BuildOut Tool today and build your own solution 
Go to Attp://promo.ape.com and enter key code c919x. Call 888-289-APCC x3438 — Legendary Reliability” 


InfraStruXure™ BuildOut Tool include IT equipment 


©2005 American Power Conversion Corporation. All trademarks are the property of their owners. E-mail: esupport@apcc.com © 132 Fairgrounds Road, West Kingstor Ri 02892 US. 





re 10 COMPUTERWORLD July 25, 2005 


BRIEFS 


EDS Wins $170M 
Medicaid Pact 


The state of Kentucky awarded 
Electronic Data Systems Corp. a 
contract valued at up to $170 mil- 
lion to implement a management 
information system for Medicaid. 
The agreement also calls for EDS 
to update and operate the state’s 
legacy Medicaid system. The new 
system will be based on EDS’s 
interChange Health System, 
which is also running in Okla- 
homa, Kansas and Pennsylvania. 


Strong PC Demand 
Fuels Intel Results 


Intel Corp. credited stronger- 
than-expected PC demand for a 
solid increase in second-quarter 
revenue and net income. 


PROFIT 


cs 


IBM Buys Electronic 
Forms Company 


IBM has agreed to buy PureEdge 
Solutions inc. for an undisclosed 
sum. IBM plans to integrate 
PureEdge’s electronic forms tech- 
nology into its Workplace and 
Lotus collaboration products. 
Victoria, British Columbia-based 
PureEdge, an IBM business part- 
ner, builds XML-based software 
that can customize business ap- 
plications as well as capture and 
display data in other applications. 


Microsoft Sues 
Google Over Hiring 
Microsoft Corp. has filed a lawsuit 
against Google Inc. over its hiring 
of a former Microsoft executive. 
In a complaint filed in Superior 
Court in Washington, Microsoft 
alleges that Kai-Fu Lee, who 
joined Google to head research 
and development efforts in China, 
is violating a noncompetition 
agreement. Until last week, Lee 
was corporate vice president of 
Microsoft’s Natural Interactive 
Services division. 


NEWS _ 


IT Managers Criticize 


| BY LUCAS MEARIAN 
HE PROGRESS of a 
U.S. Senate bill that 
would require com- 
panies to disclose 
any compromise of sensitive 
data was slowed last week to 
allow for more input from 
senators. 

Several IT managers inter- 
viewed last week criticized the 
proposed bill because it calls 
on companies to disclose the 
loss of data regardless of 
whether it’s encrypted — and 
because it calls for fines of up 
to $11 million for failing to re- 
port losses. The managers con- 
tend that encrypted data is un- 
likely to be translated if stolen 
or lost 

The federal proposal comes 
after several firms reported 
the loss of personal data in re- 
cent months through the theft 
or loss of tapes and through 
Internet breaches. 


Consideration Postponed 
The Identity Theft Protection 
Act was slated to be presented 
to the Senate Committee on 
Commerce, Science and Trans- 
portation last week, but the 
move was postponed “due to 
overwhelming member inter- 
est in identity theft legislation,” 
according to the committee’s 
Web site. The bill is sponsored 
by Commerce Committee 
Chairman Sen. Ted Stevens (R- 
Alaska) and Sen. Daniel Inouye 
(D-Hawaii). 

If the bill becomes law, or- 
ganizations that hold sensitive 
personal data will be required 
to secure it with “physical and 
| technological safeguards that 
will be specified by the Feder- 
al Trade Commission.” 

“You're micromanaging, and 
you're going to add some dol- 
lar amount to someone's busi- 
ness that has no effect on the 
general population,” said Bo 
| Coughlin, vice president of the 








commercial services division 
at Time Warner Cable Inc. 
Time Warner last spring re- 
ported the loss of backup tapes 
that contained the personal 
information of about 600,000 


| current and former employees 


[QuickLink 54151]. 

Coughlin said he under- 
stands the principle behind the 
bill — to protect and inform 
the public. However, he said 
companies already do all they 
can and contended that the law 
would be a deterrent to en- 
crypting data on digital tapes. 

Sophie Louvel, an analyst at 
Financial Insights in Framing- 
ham, Mass., said encrypted 
data isn’t protected as fully as 





Federal Data-Loss Bill 


| Contend lost encrypted data need not 
be reported, act would incur expenses 
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some companies believe. “The 
encryption can be decrypted 
pretty easily,” she said. 

Charlie Fulks, CEO of Cred- 
it Union Data Processing Inc. 
in Farmington, Utah, whose 
firm started encrypting data 
this year, also opposes a re- 
quirement that the loss of en- 
crypted data be reported. 

Fulks pointed out that en- 
crypted digital tapes that get 
lost in transit are very secure. 

Lev Katz, data center opera- 
tions manager at MidAmerica 
Bank in Naperville, Ill., said he 
would want to be notified if 
his personal data was compro- 
mised, even if it was encrypt- 
ed. “And I’m working at a 
bank, so that means a lot to 
me,” he said. 

Daniel Chow, an IT systems 
and security engineer at Boe- 
ing Employees’ Credit Union 
in Tukwila, Wash., said he 
“strongly” agrees with the bill 
in terms of it “lighting a fire 
underneath some firms’ butts 
to start protecting their data.” 


| @ 55734 





Visa, Amex Cut Ties With CardSystems Due to Breach 


VISA U.S.A. INC. and American 
Express Co. are terminating their 
contracts with a credit card 
transaction-processing compa- 
ny that was hit by hacker attacks 
that exposed 40 million card 
numbers to online intruders. 

In separate announcements 
last week, Visa and Amex said 
they are ending their relation- 
ships with CardSystems Solu- 
tions Inc. in Atlanta because the 
company didn’t meet its contrac- 
tual requirements in providing 
credit card processing services 
for merchants. 

After Oct. 31, Visa and Amex 
will no longer allow CardSys- 
tems to process their transac- 
tions. Meanwhile, rival Master- 
Card International Inc. said it will 
continue to work with CardSys- 
tems if it develops a detailed 
plan by Aug. 31 to adequately 
improve security procedures. 

MasterCard last month dis- 
closed that CardSystems’ sys- 
tems were breached. Credit 
cards issued by all three compa- 


nies were affected by the breach 
[QuickLink 55146). 

Rosetta Jones, a spokes- 
woman for San Francisco-based 
Visa, said in a statement that her 
firm's action comes “after an in- 
ternal and forensics review of 
its processing practices demon- 
strated that - in violation of 
Visa's rules - [CardSystems] did 
not have the appropriate con- 
trols in place to protect card- 
holder information.” 

Though the statement ac- 
knowledged that CardSystems 
has worked to fix problems that 
led to the breach, it also said, 
“CardSystems has not correct- 
ed, and cannot at this point cor- 
rect, the failure to provide proper 
data security for Visa accounts.” 

According to Jones, Card- 
Systems kept cardholder data 
on file after transactions were 
processed, which is in violation 
of its agreement with Visa. 

Judy Tenzer, a spokeswoman 
for New York-based Amex, 
wouldn't comment on the direct 


cause of that firm's termination 
of the contract with CardSys- 
tems. A spokesman for Card- 
Systems didn’t respond to nu- 
merous requests for comment. 

A MasterCard spokeswoman 
said that the company first be- 
came aware of the CardSystems 
breach in May and promptly 
launched an investigation. 

In a statement last week, 
MasterCard said it will continue 
to work with CardSystems, at 
least in the short term, because 
the company has worked to im- 
prove its security and proce- 
dures since the spring. 

“However, if CardSystems 
cannot demonstrate that they are 
in compliance by [Aug. 31], their 
ability to provide services to Mas- 
terCard members will be at risk,” 
the statement said. Merchants 
will be able to choose another 
processing company to provide 
the services once CardSystems’ 
agreements with Visa and Amex 
have ended, Tenzer said. 

- Todd R. Weiss 
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At one time, DHL had a data center in every country in which 
it operated. The result was a massive collection of small IT 
networks —without a mission control. With the help of HP 
Services and HP OpenView software, hundreds of data centers 
became three. By consolidating, DHL is now better able to share 
information, implement IT changes globally and “see” their 
entire network from a single point of control. Now,.change never 
goes unnoticed. For more on HP’s Consolidation Solutions, visit 








a ae 


ee te eat 








= 


ad 






| 


12 —compurerwortD July 25, 2005 


OLN 


African Countries Try to 
Boost BPO Investments 


ACCRA, GHANA 
OLLOWING A ROUTE that was 
sie by India and the Philip- 
pines, countries throughout 

Africa are trying to become competi- 
tive destinations for business process 
outsourcing (BPO) by promoting low- 
cost labor, offering tax breaks and 
building up their IT infrastructures. 

KenCall EPZ Ltd. recently opened in 
Nairobi as Kenya’s first international 
call center, for instance. Mauritius is 
building a second “cyber tower” office 
building in the city of Ebene to host 
BPO vendors. And Botswana is making 
a big push for BPO investments with a 
favorable corporate tax 
rate of 15% that’s guaran- 
teed until June 2020. 

South Africa leads 
Africa’s BPO sector with 
call centers and all types 
of back-office operations, 
said Peter Ryan, an ana- 
lyst at London-based 
Datamonitor PLC. In 
South Africa, call center 
agents are paid an aver- 
age of 30% less than they 
are in the U.K., speak 
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English as a first language and can 
handle complex, unscripted calls, 
said Luke Mills, executive director of 
CallingtheCape, a nonprofit agency 


| that promotes the call center outsourc- 


ing industry in Cape Town. 
w JOHN YARNEY, IDG NEWS SERVICE 


Aussie Broadcaster 
Builds Digital Archive 


SYDNEY 
USTRALIAN BROADCASTING Corp. 
Avvo this month will begin digi- 
tizing its entire film and radio 
archive, in a $15 million (Australian) 
project that may set a national record 
for digital storage capacity. 

The archive will grow to 1.5 peta- 
bytes in three to five 
years, without counting 
new content, said Fred 
Spark, manager of sys- 
tems management ser- 
vices at the Sydney-based 
broadcaster. ABC has set 
up a workshop where 
three shifts of seven peo- 
ple will do the labor- 
intensive conversion 
work, he said. 

Over the past nine 
months, the company has 





installed IBM servers, storage arrays 
and tape libraries to support the 
digital archive. 

Tape is the best option for an 
archive of the size planned by ABC, 
Spark said. He added that the data will 
| be readily accessible for producers to 
retrieve footage and audio reports “in 
minutes rather than hours or days.” 
mw RODNEY GEDDA, 
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North ard South Korea 
Connect Telecom Cables 


TOKYO 
BER-OPTIC CABLES in North Ko- 

F:: and South Korea were inter- 
connected last week, marking 

the first time that telecommunications 

networks between the two countries 

have been joined. 

The cables, which belong to KT 
Corp. in the south and state-run Korea 
Post and Telecommunications Corp. 
in the north, will be used to provide 
communications and Internet services 
between the two nations, said KT 
spokeswoman Suzie Nam. 

The linkage is expected to be espe- 
cially important for a new industrial 
zone in the city of Kaesong, which lies 
a few kilometers north of the border 
and is intended to be used by South 
Korean manufacturers. @ 55684 
mw MARTYN WILLIAMS, IDG NEWS SERVICE 
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Briefly Noted 


The European Commission this 
month issued a directive requiring 
all 25 European Union member 
countries to make available the 
5-GHz frequency band for wireless 
services, starting Nov. 1. The move 
enables Wi-Fi service providers to 
offer faster transmission rates and 
avoid capacity shortages on the 
2.4-GHz band they now use. 

m@ SIMON TAYLOR, IDG NEWS SERVICE 


Lombard Canada Ltd., a Toronto- 
based insurance company, has 
moved its core applications off 
mainframes and onto distributed 
servers running Windows Server 
2003 and SQL Server, according to 
an announcement made last week 
by two software vendors involved in 
the migration. The vendors are 
Cybermation Inc. in Mazkham, On- 
tario, and Micro Focus International 
Ltd. in Newbury, England. 


Similarity Systems Ltd., a vendor 
of data quality management soft- 
ware in Dublin, last week said it 





Levitt: Push for Sarb-Ox 
Reforms Is ‘Shortsighted’ 


BY THOMAS HOFFMAN 
When Congress moved to 
craft the Sarbanes-Oxley Act 
of 2002, legislators assembled 
the bill “in record time,” said 
Arthur Levitt, former chair- 
man of the U.S. Securities and 
Exchange Commission. How- 
ever, he said, the authors did 
little to work with company 
executives to determine the 
demands the law would place 
on businesses. 

Still, business leaders who 
are pushing hard for major re- 
forms to ease Sarbanes-Oxley 
prerequisites because of the 
high costs of compliance “are 
being shortsighted,” said Levitt. 
The mandates for public com- 
panies to document financial 
controls “have been well worth 


the costs” for investors, he said. 

“If you have any doubts, ask 
those thoughtful shareholders 
for any of those 586 companies 
that reported material weak- 
nesses [with their internal con- 
trols] during the first four 
months of the year,” said Levitt, 
now a senior adviser at The 
Carlyle Group in Washington. 

Levitt was a panelist at a 
regulatory compliance confer- 
ence in Washington last week 
that was sponsored by Bind- 
View Development Corp., a 
Houston-based security soft- 
ware provider. 

Unlike the authors of Sar- 
banes-Oxley, the writers of the 
Health Insurance Portability 
and Accountability Act actively 





sought involvement from health 





care industry professionals in 
order to make the requirements 
scalable and practical, said John 
Parmigiani, co-author of the 
HIPAA security provisions. He 
is president of John C. Parmi- 
giani and Associates LLC, an El- 
licott City, Md.-based 
consulting firm. 

“You need to get 
a lot of involvement 
from industry when 
crafting regulations, 
and you need to 
set realistic time 
frames,” said Parmi- 
giani. “If you're a 
two-person [med- 
ical] clinic, you can’t 
take [the same ap- 
proach to HIPAA compliance] 
as the Mayo Clinic.” 

The lack of such coopera- 
tion is one reason why certain 
Sarbanes-Oxley requirements 
can be open to interpretation, 
some IT executives said. 
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“well worth the 
costs.” 


“If we were told passwords 
had to expire at least twice per 
year, we could easily meet the 
requirement,” said Joseph 
Puglisi, CIO at Emcor Group 
Inc., a mechanical and electrical 
systems contractor in Norwalk, 

Conn. “But we and 

the auditors have to 

negotiate on what we 
% think is acceptable.” 


a eC When many large 


public companies 
had to document 
and test their inter- 
nal controls for the 
first time under 
Section 404 of Sar- 
banes-Oxley last 
year, the exercise 
was a real bear for IT depart- 
ments, said Everett C. John- 
son, international president of 
the Information Systems Audit 
and Control Association. 
Since most IT departments 
never audited IT controls 





in the past, “the process 
turned into an Ironman 
event,” he said. However, 
Johnson added, the audit re- 
quirements “helped lead to 
better compliance.” 

Dave A. Richards, president 
of The Institute of Internal Au- 
ditors in Altamonte Springs, 
Fla., said that for the hundreds 
of companies that met Section 
404 requirements for the first 
time in January, 20% of their 
time on compliance efforts was 
spent documenting their con- 
trols. Between 15% to 20% of 
that work was devoted to re- 
mediating that documentation. 

Levitt said he believes in- 
coming SEC Commissioner 
Christopher Cox will work 
with legislators to modify re- 
quirements imposed under 
Sarbanes-Oxley, such as mak- 
ing it less expensive for small- 
er businesses to comply with 
Section 404, @ 55719 
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Continued from page 1 
Interex 


man, a Unix administrator at 
the West Virginia Bureau of 
Employment Programs in 
Charleston, said she was 
stunned by the cancellation 
of HP World 2005. Workman 
was scheduled to give a pre- 
sentation about her agency’s 
disaster recovery plan at the 
conference. HP World “was 
actually the one conference I 
did enjoy,” she said. “It was ba- 
sically geared to the users — 
not controlled by the vendor.” 

“Wow, what a waste,” said 
Paul Gerke, a systems admin- 
istrator for Clark County in 
Vancouver, Wash., referring to 
the demise of Interex. 

Gerke said HP World was a 
good source of unfiltered in- 
formation about HP products. 
In comparison, the presenta- 
tions at a storage conference 
that was run by HP in May 
“were all very ‘HP, rah-rah,’” 
he said. For that reason, Gerke 
had decided not to attend HP 
Technology Forum 2005, the 
new conference the vendor is 
holding in September. 

Interex closed without ex- 
planation. Calls to its office 
weren't returned, and a state- 
ment posted on its Web site 
last Monday said only that the 
group’s leaders “have found it 


| 
| 
| 
j 
| 
| 
| 





| financially necessary to close 
the doors.” Interex is expected 
| to file for bankruptcy protec- 


| 
| 
| 
| 
| 


tion, sources said. 


A Big Choice 

The shutdown came almost 
exactly one year after HP said 
it planned to run its own con- 
ference [QuickLink 48350]. In- 
terex and the three other inde- 


| pendent HP user groups faced 


a big choice: Join HP as co- 


| sponsors or continue to hold 


separate events. 

Interex decided last August 
to go forward with HP World, 
which was a major source of 
revenue for the Sunnyvale, 
Calif.-based user group. 

But some people were wor- 
ried. In late March, Kees den- 
Hartigh, HP World program 
co-chairman and a systems 
network analyst supervisor at 


| the University of Alberta in 


Edmonton, wrote to new HP 
CEO Mark Hurd to express his 
concerns about the competi- 
tive threat posed by HP’s con- 
ference and the appearance 


| that HP was “working hard to 
| put Interex out of business.” 


In his letter, which he pro- 
vided to Computerworld last 
week, denHartigh said he had 
heard reports that some ven- 
dors weren't going to lease 


| trade show floor space at HP 


World because they would 
have booths at the HP Tech- 


it is with great 


NEWS 
| e% sadness, that 
after 31 years, 


we have found it finan- 
cially necessary to close 
the doors at Interex.. . . 
We dearly wish that we 
could have continued 
supporting your needs 
but it was unavoidable. 


FROM A STATEMENT TO INTEREX 
MEMBERS POSTED ON THE USER 
GROUP’S WEB SITE 


nology Forum instead. 

Hurd didn’t respond, den- 
Hartigh said, although a simi- 
| lar letter he sent in February 
did get a response from HP 
that said his view of its inten- 
tions was inaccurate. 


Conference Cutbacks 
HP remained a premier spon- 
sor of this year’s HP World, at 
a cost of about $100,000, ac- 
cording to Interex members 
and conference organizers, 
who asked that their names 
not be used. But it drastically 
cut back on its trade show 
presence, the sources said. 
HP leased 7,000 square feet 
of floor space at HP World 
2004 but was taking only 900 
square feet this year, they said. 
HP also told Interex that it 





OpenView Group Rescinds Plan to Combine Events 


of HP’s software unit decided 
that the needs of OpenView 
users and the user group's ability 
to meet those needs “are much 
better served by having a soft- 
ware-specific conference,” 
Potter said via e-mail. 

The location and dates of HP 
Software Forum 2006 have yet 
to be determined. That informa- 
tion will be announced in late 
August, according to an online 
newsletter that was posted on 
the OVFI’s Web site on July 15. 

in the newsletter, the OVFI 
said it will support the inaugural 
HP Technology Forum in Sep- 
tember as a venue for OpenView 
users who need training in other 
areas. Whether the OVFI will 


take part in HP’s conference 
next year will be decided at a lat- 
er date, said Gersch, a consul- 
tant based in Loveland, Colo. 

David Parsons, an HP vice 
president, said OVF! members 
“made a pretty strong case” for 
continuing the HP Software Fo- 
tum as a separate show. The 
conference “will be held for 
many years down the road, 
absolutely,” Parsons said. 

ITUG, a group for users of 
HP’s NonStop systems, will go 
ahead with the TUG Summit 
2005 in October, said Chairman 
Richard Buckle. The group will 
have “a very small presence” at 
HP's event, he added, 

~ Matt Hamblen 





intended to cut back on the 
number of technical sessions 
it supported at HP World. 


In the past, HP workers typ- 


ically handled about half of 
the conference’s 400 sessions. 
But HP initially said it would 
do only 20 sessions this year, 
according to the sources. It 
later raised that figure, but 
only to 38, they said. 

David Parsons, HP’s vice 
president of enterprise mar- 
keting for the Americas re- 
gion, confirmed the details 
about this year’s plans. But 
Parsons said there were good 
reasons for the changes. 

About 700 HP employees at- 
tended HP World 2004, and 
the company used the confer- 
ence for technical training of 
its workers as well as users 
and business partners. This 
year, HP wanted to provide 
the training at its own event. 

HP didn’t intend to hurt In- 
terex, Parsons said. He added 
that the company laid out its 
HP World support plans last 
year and that the user group 
“made a business decision” to 
pursue its own course. 

The Encompass, ITUG and 
OpenView Forum Internation- 
al user groups said they re- 
main on solid financial foot- 
ings. Both the OVFI and ITUG 
said they plan to continue 
holding their own conferences 
while working with HP on its 
event (see story at left). 

Garry Smith, director of in- 
formation systems at manu- 
facturer Charles McMurray 
Co. in Fresno, Calif., is a for- 
mer president of an Interex 


| chapter in central California 


that had 120 members until it 
stopped meeting in 2002. 

Smith said attendance 
dropped dramatically as mem- 
bers diversified beyond the 
now-discontinued HP e3000, 
the system that prompted the 
formation of Interex. “It’s dis- 
appointing to hear of Interex 
closing, but that’s the evolu- 
tion of things,” he said. 

On the other hand, John 
Payne, an HP-UX systems en- 
gineer at Brigham Young Uni- 
versity in Provo, Utah, said he 
will miss HP World. “When 
you get real users showing 
real stuff, you can’t go wrong,” 


| Payne said. @ 55740 
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Future Path for 
interex Members 
Remains Unclear 


IT REMAINS UNKNOWN 
whether Interex will re-form in 
some fashion or if a new user 
group will emerge to fill the 
void left by its demise. As of 
last week, the only immediate 
option for would-be HP World 
attendees was to attend 
Hewlett-Packard’s new confer- 
ence at no extra cost. 

HP said it will offer free 
passes to the HP Technology 
Forum to users who had al- 
ready registered to attend HP 
World 2005 and had paid ei- 
ther the full conference or 
trade-show fee. The confer- 
ence is scheduled to start on 
Sept. 12 in New Orleans. 

The company is also working 
to identify technical sessions 
planned for HP World that 
would complement or add to 
the program at its conference, 
said David Parsons, vice presi- 
dent of enterprise marketing for 
the Americas region at HP. “We 
will definitely be increasing the 
number of sessions based 
upon the fact that they can- 
celed HP World,” he said. 

In the long term, one possi- 
ble avenue would be for Interex 
members to join Encompass, 

a Chicago-based user group 
that traces its roots to the Digi- 
tal Equipment Computer Users 
Society. Interex and Encom- 
pass co-sponsored HP World 
2004, although the latter group 
switched its allegiance to HP’s 
conference this year. 

Kristie Browder, president 
of Encompass and IT director 
at Silicon Laboratories Inc. in 
Austin, said her group plans 
over time to offer a place for In- 
terex members. “We will reach 
out to them eventually,” Brow- 
der said. “We're trying to make 
sure everything runs its course 
as far as what's happening at 
Interex with respect to them.” 

One potential issue, though, 
is that Encompass, with 10,000 
members, is far smaller than 
Interex was. 

- Patrick Thibodeau, Lucas 
Mearian and Matt Hamblen 
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HP Strategy 
| | ale marr — wrere they are 
| going with it.” 


Co. in Portland, Ore., wanting 
to hear more from Hurd. 
Dickey said the CEO needs 
to tell users what’s in store for 
HP’s key product lines. That’s 


a critical issue for Dickey, who | 
| day’s HP work better.” There- 
| fore, he said, there was noth- 


in April completed a transi- 
tion from an HP e3000 system 
to an HP 9000 running HP- 
UX. Columbia Steel made the 
move in response to HP’s 
decision to discontinue the 
e3000, which the vendor 
stopped selling in 2003 and 
is due to drop from support 
at the end of next year. 

“I bet our company’s tech- 
nology direction when I chose 


selling sushi, 
they'd call it ‘cold, 
dead fish’ because 
they’re so bad at 
marketing. 
MAUREEN GREER, ASSISTANT 


VICE PRESIDENT OF IT COMPLIANCE, 
AMEGY BANK NA 


to go from the HP 3000 to HP- 
UX,” Dickey said. “It’s very 
important to know — in a reli- 


The restructuring an- 


| nouncement “was not about 
| strategy,” said Frank Gillett, an 
| analyst at Forrester Research 


Inc. “It was about making to- 


ing to indicate how Hurd will 


| position HP to better compete 
| against IBM or Dell Inc. 


Charles King, an analyst at 
Pund-IT Research in Hay- 
ward, Calif., said Hurd will 


| have to air his long-term plans 


in the near future. “This was 
more a matter of “We're cut- 
ting staff, getting expenses un- 


| der control and moving for- 
| ward.’” King said. “But “Where | 
| are you going?’ was pretty 


much unaddressed.” 
iurd acknowledged as 
much during an interview 


| with the IDG News Service. 
| “What you get on a day like 


today,” Hurd said, “is a lot of 
questions like that: ‘What’s 
coming next?’ Right now, 
where we really are is focused 
on making HP the best HP 





that we’re going to make it.” 
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HP plans to cut 14,500 work- 
ers over the next six quarters, 
with most of the reductions 
coming in support functions 
such as IT, human resources 
and finance. Only minimal 


| cutbacks will be made in sales, 


it said, and “little change to 


| head count” is planned within 
R&D. But the company later 


confirmed that HP Labs is 


| ending four research projects 
| to focus on ones with better 


chances of paying off finan- 
cially. 

The vendor is also eliminat- 
ing its Customer Solutions 
Group, which handled sales to 


enterprise customers, small 
| and midsize businesses, and 


government agencies. Sales 
functions will now be embed- 
ded in HP’s Technology Solu- 
tions, Imaging and Printing 
and Personal Systems groups. 


Room for Improvement 
During a conference call, 
Hurd said the planned job cuts 
are needed to give HP “a com- 
petitive cost structure.” 
Maureen Greer, assistant 
vice president of IT compli- 
ance at Amegy Bank NA in 
Houston, agreed that the lay- 
offs are overdue and said that 


Exec Says Changes Make HP’s 
Units More Focused, Accountable 


BY PATRICK THIBODEAU 
Todd Bradley, who last month 
was named executive vice pres- 
ident of HP’s newly indepen- 
dent Personal Systems Group, 
told Computerworld 

last week that the com- 

pany’s restructuring 

plan was designed to 

improve both the focus 

and accountability of 

its three major business 

units. Excerpts from the 
interview follow: 


How will this restructur- 

ing affect the service and support 
that enterprise customers get 
from HP? It shouldn’t impact 
them at all. This is meant to be 
a beneficial move to our cus- 
tomers because it brings both 
focus and accountability into 


| the business units and [ulti- 

mately] into that sales rep or 

service person that calls ona 

| customer. We worked very, 

| very hard to take a long look 
at the organizational 
structure and change 
our organization from a 
go-to-market perspec- 
tive but really make 
sure it’s relatively seam- 
less to our customers. 


Will the restructuring 

result in any road map 

changes to HP’s enter- 
prise product lines? Not that 
I’m aware of. While people are 
really focused on the number 
of layoffs, [internally] this has 
been far more focused on how 
we increase accountability in 

| the businesses. 





Is there any special outreach to 
your large customers to explain 
this change? That’s ongoing. 


What's the message you're bring- 
ing to the customers? Consis- 
tency of product; improved ex- 
ecution; improved accountabil- 
ity in the business segments. 


This isn’t the first employee re- 
duction that HP has made; you've 
seen some deep cuts in the past. 
How strong a company will HP be 
after it completes this restructur- 
ing? It’s pretty clear with what 
we talked about that we’re 
focused on our strengths. I 
think you’ve seen lots of com- 
panies restructure over the 
last several years. Those com- 
panies that restructure yet fo- 
cus on how the restructuring 
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EMH] 
Mactan ENA OE 
combine the company’s PC 
and printer operations. 


a aula Lelie 
CEO Todd Bradley to run 
the PC unit. 


e Yasha yma 
NCU Rerum Sel 
marketing officer. 


Cs Wee] 
chain operations and brought 
in former Dell ClO Randy 
Oe Omururle te 


ry plans to lay 
off 14,500 workers and fold 
sales into HP’s three major 
Sse om 


she expects to see business 
process improvements in HP’s 
back-office operations. Greer 
also thinks the changes will 
improve HP’s marketing, 
which she pointed to as a 


improves their operating per- 
formance, [that] is what we’ve 
done here. 


How do you think this restructur- 
ing differentiates you from your 
top competitors? I think the 
biggest thing is the fact that 
we have created three busi- 
ness units that are very fo- 
cused on their markets, very 
focused on rapid execution 
[and] have far more account- 
ability in place at a lower 
level than we ever had. 


There’s been speculation that this 
month’s hiring of former Dell ClO 
Randy Mott to run HP’s IT opera- 
tions is an indication of a shift 
toward Intel platforms and away 
from Unix in terms of products. 

Is there anything to be read into 
that? No. Randy Mott is here 
because he’s one of the best 
CIOs in the country. The chal- 
lenges we have — not the least 
of which is our internal IT 
cost — is what he’s focused on. 
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| major weak spot. “If HP were 


selling sushi, they’d call it 
‘cold, dead fish’ because they 
are so bad at marketing,” 
Greer said. 

Dennis Deane, a Prague- 
based program manager for 
European IT services at DHL 
International GmbH, said he 
has received strong assurances 
from his HP account represen- 
tatives that the restructuring 
won't affect the products used 
by the delivery company. 

“DHL has been told that 
these cuts are targeting inter- 
nal, predominantly back-office 
functions to make the compa- 
ny leaner, rather than specific 
product lines,” Deane said. 

Satish Ajmani, CIO for the 
government of Santa Clara 
County in California, hasn’t 
been happy with the quality of 
some of the PCs shipped to his 
IT operation by HP. He said 
the increased accountability 
that Hurd expects to get from 
the restructuring could be a 
good thing for users. “We 
hope to see their product 
quality improve,” Ajmani said. 


@ 55737 


Tom Krazit of the IDG News 
Service contributed to this story. 


One of HP’s legacies is its culture 
of innovation. But there’s an ar- 
gument that if employees are al- 
ways worried about restructuring 
and getting laid off, it’s going to 
be very hard for them to perform 
at their best. What are you doing 
for the employees who remain? 
It’s a big adjustment. But peo- 
ple are excited about the fact 
that we have more account- 
ability, that we'll have a 
stronger marketing message, 
more tailored to the products 
themselves. It’s always a disap- 
pointing challenge when you 
have to make layoff reduc- 
tions. But the HP Way is about 
innovation, it’s about execu- 
tion, and it’s about how we go 
to market with the best prod- 
ucts that we can. And none of 


that has changed. @ 55696 


MORE NEWS ONLINE 


For additional coverage of HP, 
visit our Web site: 
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Microsoft Exec Outlines 
Plan to Sell Service SKUs 


BY CAROL SLIWA 
MINNEAPOLIS 

During a keynote address at 
Microsoft Corp.’s recent World- 
wide Partner Conference here, 
CEO Steve Ballmer said the 
company will offer managed 
services that are designed 
“more like a product or a stan- 
dard offer and less like a set 

of customized outsourcing 
services.” Rick Devenuti, senior 
vice president of Microsoft Ser- 
vices & IT, discussed with 
Computerworld the company’s 
plans to sell services under a 
model where they’re listed as 
stock-keeping units, or SKUs. 


Are there certain types of services 
that will be more conducive to the 
SKU approach? We don’t have a 
whole list of where we're go- 
ing with SKUs. We’ve got a 
product marketing organiza- 
tion that will make sure it 
looks at the opportunities. But 
I think essentially the platform 
opportunities are things we 
know we can do because we 
do them inside and we do 
them with customers. Where 
customers are having pain to- 
day, you look at that and un- 
derstand what part is difficult 
and how do we solve that — or 
where customers have adopt- 
ed technology, but they’re not 
using it productively. Cus- 
tomers ask us all the time: 
“We want to run it just like 
you do. You’re successful with 
it. How can we be successful?” 


So you like the idea of productiz- 
ing services as much as possible? 
I’m not saying it’s the only 
way to do it. I’m saying it’s a 
way we know that works. 
We've codified it. We've tested 
it. We’ve proven it. And why 
not share that? Frankly, it’s 
something IT can’t do. They’ve 
got day jobs. It’s something 
that our consulting and sup- 
port organization can do. And 
it’s something that, as we have 
to train our support people 
and our consultants, we ab- 





solutely can build the same 
[intellectual property] for 
partners. 


What will be the first SKU? The 
first one is around Exchange 
[Server]. It’li be a 
combination of SKUs, 
starting with looking 

at the overall health of 

the environment. How 

do you measure it? 

How do you monitor 

it? What’s the avail- 

ability of [the cus- 

tomer’s] Exchange 

servers worldwide? ... 

[That SKU will grow] 

to, how do you deploy [Ex- 
change] and how do you really 
support it once it’s in place? 


When will Microsoft introduce the 


first one? We'll be using it 
internally in this half of the 
[fiscal] year, and we'll be of- 
fering it to partners sometime 
during the second half. We’ve 
| got a lot to learn about the 
difference between 
what this concept is 
and how you train 
somebody to do it. 
Today, they suggest 
we take people out of 
IT and marry them 
with consultants. But 
that doesn’t scale. 
There’s really got to 
be training. There’s 
got to be certification 
or accreditation. 


Will customers in the future be 
able to find a catalog of SKUs 
for services? Yes. We want 


to broadly market these 
SKUs, and they can be deliv- 
ered by Microsoft or by part- 
ners. I don’t think it’s some- 
thing customers will do for 
themselves, because you need 
to be accredited and trained 
on it. 


Will Microsoft ever be the sole 
service provider, or will you al- 
ways work with partners? Cer- 
tainly, in the original stage, 
we'll do it because we’ve got 
to prove it. We've got to build 
it. And we’ve got to market it, 
because unless there’s a broad 
umbrella that says one of 
these Microsoft things is good 
and there’s proof points to it, 
there’s no way to scale it up. 
So we'll start with them. But 
the only way to really reach 





velocity is to have partners en- 
abled to do that. 


Will the service SKUs be offered 
under Microsoft Consulting Ser- 
vices? For both Microsoft Con- 
sulting Services and in Pre- 
mier [Support]. I tend to think 
of those two organizations as 
our enterprise services group. 


Does this put you into competition 
with your partners to some de- 
gree? I don’t think so at all. 
We're really talking about 
building out an asset for the 
partner and customer channel. 
But we have to prove that it 
works. And this concept of 
having a very prescriptive way 
to do something that works in 
a heterogeneous environment 
— that gets the guaranteed 
predictable results we're talk- 
ing about — we haven't found 
it to be an easy thing to do. So 
we need to make sure that we 
can do it and we know how 
you need to be trained to do it 
and that you can do it prof- 
itably. @ 55676 





Senators Call on DHS to 
improve Cybersecurity 


Official admits 
that there’s still 
work to be done 


BY GRANT GROSS 

The U.S. Department of 
Homeland Security needs to 
develop a recovery plan for 
a widespread attack on the 
Internet, and it needs stable 
leadership in cybersecurity, 
a government investigator 
told a Senate subcommittee 
last week. 

While the DHS can track In- 
ternet threats, it doesn’t have 
an Internet recovery plan or a 
national cybersecurity threat 
assessment procedure, David 
Powner, director of IT man- 
agement in the Government 
Accountability Office (GAO), 
told a subcommittee of the 
Senate Homeland Security 
and Governmental Affairs 
Committee. More work needs 
to be done, he said. 

“Until DHS addresses its 


many challenges ... it cannot 
function as a cybersecurity fo- 
cal point for coordinating fed- 
eral law and policy,” Powner 
said. “The result is increased 
risk. Large portions of our 
critical infrastructure are un- 
prepared to effectively handle 
a cybersecurity attack.” 

Senators echoed Powner’s 
criticisms, first outlined in a 
GAO report released in May 
[QuickLink 54662]. 

“The United States does not 
have a robust ability to detect 
a coordinated attack on our 
critical infrastructure, nor 
does it have a measurable re- 
covery and reconstitution plan 
for key mechanisms of the In- 
ternet and telecommunica- 
tions system,” said Sen. Tom 
Coburn (R-Okla.), chairman of 
the Federal Financial Manage- 
ment, Government Informa- 
tion and International Securi- 
ty Subcommittee. 

The DHS is working hard to 
improve U.S. cybersecurity 





efforts, said Andy Purdy, act- 
ing director of the DHS’s Na- 
tional Cyber Security Division. 
A draft of a national infrastruc- 
ture vulnerability assessment, 
which includes a cybersecurity 
assessment, should be com- 
pleted in a couple of months. 
The DHS Internet Disruption 
Working Group is developing 
a plan for Internet recovery af- 
ter a major attack, Purdy said. 


Pushing IPv6 

The division is also support- 
ing efforts to push IPvé6, a 
more secure version of the 
current Internet Protocol, 
Purdy said. The division is en- 
couraging software vendors to 
create more-secure products, 
and it plans to renew efforts to 
work with other agencies and 
companies to identify signifi- 
cant threats, he said. 

Purdy also noted that the 
DHS plans to create the post 
of assistant secretary for cy- 
ber- and telecommunications 
security. He said that the new 
hire should bring an end to the 
high turnover in the division’s 
leadership and “accelerate” 
cybersecurity efforts. 


“We believe [the GAO re- 
port] has provided a fair as- 
sessment of the progress to 
date and agree that while con- 
siderable work has been done, 
much work remains to meet 
the challenges in this rapidly 
changing area,” Purdy said. 

Sen. Thomas Carper (D- 
Del.) repeated longstanding 
complaints that cybersecurity 
issues take a back seat to phys- 
ical security issues at the 
DHS. Senators also raised 
concerns about the possibility 
of attacks on Internet-based 
controls for utilities such as 
waste management plants or 
the electric grid. 

Powner listed a number of 
criticisms of DHS cybersecuri- 
ty efforts, including what the 
GAO sees as problems it has 
had developing relationships 
with state and federal agencies 
and private industry. The DHS 
also has no generally accepted 
methodologies for analyzing 
Internet attacks and hasn't fully 
developed a plan for respond- 
ing to attacks, he said. @ 55679 


Gross writes for the IDG 
News Service. 
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DON TENNANT 


Never Mind 


EMEMBER LAST WEEK when I wrote 
about having noticed an advertisement 
for HP World and how I learned from 
the ad that the conference, sponsored by 
the Interex user group, would be held in 
August? Remember how I commended Hewlett- 
Packard for supporting HP World despite the fact 
that it was slated to hold its first unified user confer- 
ence, the HP Technology Forum, a month later? 


Never mind. HP World, 
as you probably know by 
now, isn’t happening. 

No one was more 
blown away than I was 
when Patrick Thibodeau 
broke the story on our 
Web site on the Monday 
morning our print edition 
was hitting the streets: 

HP World had been can- 

celed the day before, and 

Interex was shutting down 
[QuickLink 55630]. Why 

would Interex place an ad to attract 
registrations to HP World one week, 
only to cancel the show the next? 
How could all of this have happened 
so suddenly and without warning? 

I don’t know the answer to either 
question. But I do know that this is 
a glaring indication of some pretty 
shoddy management, and you can’t 
blame HP for that. Many people will 
slam HP for killing HP World — and, 
by extension, Interex, since the event 
was the main source of the group’s 
revenue — by starting its own user 
conference and convincing the two 
other top independent HP user 
groups to support it. 

But no one can argue that it was 
HP that pulled the rug out from un- 
der Interex’s members last week. 
The Interex leadership did that it- 
self. And there’s no excuse for it. 

Interex had plenty of time to deter- 
mine whether holding HP World was 
a viable proposition at all, let alone 
one month before the HP Technolo- 
gy Forum. It appears now that the 





decision to go it alone 
was based on wishful 
thinking, blind stubborn- 
ness or a combination of 
the two. The desire to re- 
tain an independent user 
conference was com- 
mendable, but actually 
trying to do it was proba- 
bly shortsighted. And 
blindsiding its member- 
ship at the last minute 
was just plain stupid. 

So now all eyes are on 
the HP Technology Forum to be held 
in September. Remember last week 
when I wrote that there’s a “schedul- 
ing conflict” that’s going to prevent 
HP CEO Mark Hurd from attending 
this signature HP user conference? 
Remember how I noted that Hurd 





will be giving a keynote at Oracle 
OpenWorld the foliowing week and 
how I found it peculiar that Hurd was 
able to carve out the time to speak to 
Oracle’s users but not his own? Never 
mind. Now that I’ve had another 
week to think about it, I find it not 
peculiar but absolutely outrageous. 

In the week since then, we’ve 
learned that the rumors were true 
and that HP is indeed undergoing a 
major restructuring that will leave it 
with 10% fewer workers and make 
the Customer Solutions Group — the 
organization responsible for selling 
to corporate and government users 
— go away. It seems incomprehensi- 
ble that Hurd would fail to show up 
at this key inaugural event to explain 
these and other restructuring-related 
moves to his users. 

If Hurd indeed stays away, Ann 
Livermore, the executive vice presi- 
dent who’s slated to deliver the main 
keynote, will be left in the awkward 
position of having to explain his ab- 
sence. I’d hate to see that happen to 
the person who should have gotten 
the nod to replace Carly Fiorina in 
the first place. @ 55704 
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DAN GILLMOR 


Intel May 
Have Itself 
To Blame 


NTEL ISN’T the world’s 
biggest maker of micro- 
processors for nothing. 


Among manufacturing com- 
panies, it surely ranks among the most 
adept, and it has a long history of inno- 
vation. 

But Intel is also known for its com- 
petitive nature — a rough and some- 
times mean style that has always come 
close to the edge of what’s acceptable. 
And it’s the nastier part of the compa- 
ny’s character that’s being, once again, 
called sharply to account. 

The latest questions or, more accu- 
rately, accusations have surfaced in the 
form of a lawsuit recently filed by Ad- 
vanced Micro Devices, Intel’s chief 
competitor. I’ve read 
the complaint, and 
this is serious stuff. 

AMD is alleging a 
host of offenses, but 
the case boils down 
to whether Intel has 
used illegal or mere- 
ly nasty tactics to 
maintain its chip 
dominance. If the al- 
legations of illegal 
behavior are true — 
and, needless to say, 

Intel has denied 
them — Intel may be 
in some real trouble 
this time. 

There are some high stakes in this 
battle, and not just for Intel. The stakes 
for IT are real too. If AMD prevails, 
computer buyers will see more choices 
and lower prices. 

Which is not to say that price-cutting 
and innovation haven’t been occurring 
in the Intel architecture. Largely thanks 
to AMD, both have occurred. AMD’s 
64-bit migration strategy — helping 
customers by ensuring that 32-bit ap- 
plications would keep working — and 
dual-core processors have been exam- 
ples of the kind of leadership for which 
Intel was once more famous. 

Intel isn’t a stranger to antitrust 
issues. In the 1990s, it stayed pretty 
much above the fray as Microsoft, its 
partner in the Wintel alliance, faced 
a series of harsh charges. Intel had 
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schooled its workers to avoid saying 
and doing the kinds of things that got 
Microsoft in such trouble. 

Indeed, people I talked with at Intel 
during the epic Microsoft trial were 
baffled that the software giant seemed 
not only to have no serious internal 
policies to avoid such trouble, but also 
that Microsoft executives were so fla- 
grantly dismissive of government offi- 
cials and their duties. 

Intel’s sensitivity had shone through 
in another way. At one point, the com- 
pany backed away from what seemed 
to be a push to dominate the mother- 


board market as it had done with chips. 


I had always assumed that Intel, al- 
ready immensely profitable and pow- 
erful, had done this largely to avoid 
any antitrust complications. 

Microsoft, in the end, avoided seri- 
ous sanctions for its behavior. The 
Bush administration, in its odious deal 
with the software company, all but an- 
nounced that monopolists could get 
away with just about anything on its 
watch. I wonder if Intel concluded that 
it, too, now had a free pass. If so, the 
chip maker may have made a mistake. 

Antitrust law is evolving at a fairly 
rapid pace these days, and there are le- 
gitimate questions about whether it’s 
appropriate in a fast-moving industry 
like technology. I believe it is, but 
there’s at least a solid intellectual argu- 
ment that hard-nosed enforcement 
may deter innovation. 

I believe Intel would be better off if 
it acted as if strong enforcement was 
going to occur no matter what. Tough 
but honorable competition, not knife 
fights, should be the heartbeat of capi- 
talism. @ 55479 


DAVID BOWES 


On-the-Job 
Seasoning of 
An IT Pro 


IKE MOST IT managers, 

I always aimed to create 

a bottom-line impact 
through the use of technology, 
reduce the mystery surrounding IT 
and adopt standard business manage- 
ment techniques. Unfortunately, these 
efforts generally didn’t have the in- 
tended result. Most CEOs still don’t 
seem to grasp the potential of business 
transformation coupled with IT. But 
this is our fault as much as theirs. 


| 


| 
| 





What can we do to reme- 
dy this situation? The an- 
swer lies in training, but I’m 
talking about something 
more than a class for your 
business executives to learn 
how to use a spreadsheet. 
I’m talking about a wide- 
spread learning environment 
— aculture of learning. 

Of all the manufacturing 
and distribution firms I’ve 


worked for, only one suc- 


cessfully created a learning 
environment for all its se- 

nior managers that became 

the prism through which we managed 
staff and related to one another. This 
100-year-old food-processing company 
has always believed that things should 
be done the right way. It doesn’t shy 
away from change and feels that it’s 
fair to ask new senior managers to 
learn about the company before direct- 
ing their employees to follow them 
into uncharted waters. In fact, all em- 
ployees learned the company culture 
by receiving on-the-job training. 

New managers had to spend four 
months away from home, trimming 
and tying meat, coating poultry with 
spices, loading cooking trees, unload- 
ing metal containers of cooked product 
— performing the majority of the most 


laborious jobs in the plant 
under demanding condi- 
tions for 10 hours each day. 
We ate our lunch with 
everyone in the cafeteria. 
All of our experiences were 
recorded weekly for peer 
review and suggestion. 

I completed the hands- 
on training but didn’t fully 
appreciate the lessons 
learned until one year later, 
when assembling an ERP 
request for proposals. My 
time on the factory floor 
helped me understand how 

, those operations could benefit from a 
| properly implemented ERP system. 
For example, line personnel wanted to 
see how their efforts in total produc- 
tion and scrap containment compared 
with those of other plants in order to 
promote best practices that worked; 
facilities managers dreamed of a glob- 
al spare-parts inventory that could be 
queried using multiple word combina- 
| tions, parts characteristics or parts di- 


chases and speed the right parts to a 
machine; and management wanted to 
know more about retail-store case 
temperatures and storage practices 
compared with our internal standards 
| by using a passive data-gathering 





process that our distributors used. 


| Having worked alongside all these 
| people, I didn’t have to guess what 
| would be beneficial for them and pro- 


vide value-add for the company. 

But as I said, I’ve worked for only 
one company that pursued this sort of 
training. Still, I think all managers 
should understand the ins and outs of 
many of the routine procedures within 
their organizations and take the time 
to perform these tasks. If your compa- 
ny doesn’t provide this type of train- 
ing, ask your human resources direc- 
tor and your boss if you can help de- 
sign a program. Then let others know 
what you're doing so that they begin 
to see the value of this sort of train- 
ing. And carry this thinking into other 


areas; if a business re-engineering 


project is planned, for example, be 
sure to perform hands-on training 
beforehand. 

In the end, you will be better able to 
identify and project the positive effects 
of IT because you will have a much 
clearer appreciation of your firm’s true 


| identity and what your users really 


| need. @ 55563 
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Training Key to Improved E-mail Security 


N THE ARTICLE “Trojan E-mails 

Suggest Trend Toward Targeted 
Attacks” [QuickLink 55083}, you 
quote a security analyst as saying 
that organizations that follow best 
practices in regard to e-mail securi- 
ty should not be concerned with 
this new threat. This advice is flat 
wrong! Updated antivirus signa- 
tures, attachment filtering and anti- 
spam measures aren't enough to 
identify and mitigate this risk. | have 


been involved in a network penetra- 


tion test that targeted individuals 
using spoofed e-mail and Web 
pages. We were successful in col- 
lecting authentication credentials 
from over 90% of users. These cre- 
dentials included network, data- 
base and VPN passwords and user 
IDs, which was enough for us to re- 
motely gain access to all of the data 
we wanted, completely undetected! 
The ultimate solution is not sim- 
ply updating your antivirus or apply- 
ing some magical server patch. 
There are only two ways to mitigate 


this risk: better user training and 
strong authentication methods 

| (such as biometrics and smart 

| cards). You can have the strongest 

| network, firewall and intrusion de- 
tection in the world, but as long as 
legitimate users are standing at the 


| gates handing out their keys, then 


| you will never have true security. 


| Jason Jones 


Webmaster, 
Dallas Baptist University, 


| webmaster@dbu.edu 


"Most Identity Theft 
| Occurs Off-line 


RUCE SCHNEIER, chief tech- 
nology officer at Counterpane 


| Internet Security Inc., says that 


shredding your trash “is completely 
obsolete advice” [“Hackers Score 
Big by Thinking Small, Experts 


| Say,” QuickLink 55151]. He and | 


must be reading different sources. 
While there has been an uptick in 





identity theft via computers just with- | 


| inrecent months, more than 85% 
| of identity theft still occurs from 
| sources that are not online. Shred- 


ding your trash is still sound advice 


| Michael Quigley 


ASA00 programming 
section coordinator, 
New Knoxville, Ohio 


a6540]. Tying is illegal only if the 
company has some degree of mar- 
ket power. For example, Microsoft 


| was sued for tying Internet Explorer 
| to Windows because it had such a 

| dominant position in the operating 
| systems market. Apple, with reia- 

| tively small market share in hard- 


ware or operating systems, could 


| probably not be sued successfully 


Gates Is a Mystery 


AM CONFUSED! First Bill Gates 

bangs the table for more H-1Bs, 
and now this [“Gates Warns 
Against Reliance on Outsourcing,” 
QuickLink a6570]. Does he or does | 
he not want American engineers | 
and IT? 


James Murphy 
North Hills, Calif. 


Apple Doesn’t ‘Tie’ 


OU SHOULD TALK to an anti- 

trust lawyer before you run an 
article accusing Apple of “tying” 
[“Mac OS on a Dell? Dell in Favor, 
Apple Opposed,” QuickLink 


| number for immediate verification. 


| for tying under antitrust law. 


Jonathan Lamberson 


| Student, Harvard Law School, 
| Cambridge, Mass. 


| COMPUTERWORLD welcomes 


comments from its readers. Letters 
will be edited for brevity and clarity. 
They should be addressed to 


| Jamie Eckle, letters editor, Com- 


puterworld, PO Box 9171, 1 Speen 
Street, Framingham, Mass. 01701 
Fax: (508) 879-4843. E-mail: 
letters@computerworld.com. 
Include an address and phone 


For more letters on these and 
other topics, go to 
www.computerworld.com/letters 
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Health Services 

IT leaders at health care organizations, 
such as Furrukh Khan at Ohio State Uni- 
versity Medical Center (right), are using 
Web services to move information 
among disparate systems and, ultimate- 
ly, improve patient care. Page 26 
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SECURITY MANAGER'S JOURNAL 
Getting Started on 

Database Security 

CJ. Kelly takes a look at the secur- 
ity of her employer’s information 
assets and realizes that the applica- 
tion layer is the weak link. Page 32 


THE HORROR STORIES 
HAVE BECOME ALL 
TOO FAMILIAR: 


= In April, a software glitch resulted in 
the loss of thousands of dollars for US 
Airways Group Inc. when some tickets 
were mistakenly priced at $1.86. 

= In the latest U.S. presidential elec- 
tion, reports of incorrect tallies surfaced 
in several districts that were using new 
computerized voting machines. 

= A software bug apparently 

caused the largest power out- * 

age in North America, the 

Northeast blackout of August , 

2003, which threw millions a 

of people into dark- . ” 

ness. 





QUICKSTUDY 

RATs 

Remote administration Trojans 
are pieces of malicious software 
that let intruders remotely con- 
trol computers across a network 
or through the Internet. Page 34 


The list could go on and on. And the 
problem, it seems, is only getting worse. 


| According to one oft-quoted number 


from the National Institute of Stan- 
dards and Technology, flawed software 
cost the U.S. economy $60 billion in 


| 2002. No one doubts that the number 


is even higher today. 

Bad software plagues nearly every 
organization that uses computers, 
causing lost work hours during com- 
puter downtime, lost or corrupted 
data, missed sales 6pportunities, high 
IT, support and maintenance costs, and 
low customer satisfaction. 

In frustration, CIOs are taking a hard 

e\ look at how bugs 
get into the appli- 
cation develop- 
ment process 
and why they 
seem to be so 
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and improvement as a characteristic of a top-quality IT organization. 


i Ambler of Ronin international Inc., adds two phases: production and re- 
! tirement. 

; Another standard is the Software Engineering Institute's Capability 
| Maturity Model Integration, an update to the SEI's original Capa- 

; bility Maturity Model. CMMI promotes the notion of cyclical feedback 


OF SOFTWARE 
METHODOLOGIES 


Know what RUP, CMM or XP mean? Here’s a quick lesson 


There are a handful of well-known methodologies in software devel- 
opment circles. One common one is |BM Rational’s RUP, or Rational 
Unified Process, a framework that includes both best practices and 
technology tools and that identifies four phases of application develop- 
ment: inception, elaboration, construction and transition. An extension 


CMMI defines five levels of software process maturity ranging from Lev- 


‘ el1 (initial), characterized by ad hoc methods and unpredictable results, 
to Level 5 (optimized), when the organization has measurable, continu- 
ous process improvement. One other well-known practice is Extreme 
Programming, or XP, which also stresses iterative development, 
constant testing and collaborative development. 

Iterative development is a key issue, says Joshua Barnes, a consul- 
tant at Ajilon LLC in Jacksonville, Fla. Unlike the “waterfall” approach, 


in which a project progresses from stage to stage, iterative develop- 


people to follow, he says. 


to RUP called the Enterprise Unified Process, created by Scott 


hard to prevent. The consensus: It’s 
not one specific failure but a series of 
disconnects and miscommunications 
among the IT specialists involved in 
the planning, development, testing and 
maintenance of each application. 

The problem, say those who study 
bad software, is a failure to manage the 
life cycle of software and recognize 
that any effort to improve software qual- 
ity must span all of the stages of the 
application’s life, from initial planning 
to postdeployment and maintenance. 

Berkshire Life Insurance Company 
of America, a subsidiary of The 
Guardian Life Insurance Company of 
America in New York, has been exam- 
ining ways to improve quality through- 
out the application life cycle. 

“In the past year, we have looked at 
our development process, at our re- 
quirements-gathering methodology 
and at the way we monitor systems,” 
explains Sorin Fiscu, project manager 
and IT rapid application development 
team leader at Berkshire Life. 

Fiscu’s team has implemented 
changes such as involving the quality 
assurance (QA) staff in the early plan- 
ning stages, soliciting input from busi- 
ness analysts and automating more of 
the testing phase. These changes have 
enabled the company to meet or ex- 
ceed two of its goals for postdeploy- 
ment: application availability and over- 
all user satisfaction with the applica- 
tion. 

One of the first steps in the develop- 
ment of an application at Berkshire 
Life is bringing business users and IT 
together to agree upon the functional 
specifications of the application, list- 
ing every feature and function that the 


| business users need, from the flow of 
| screens to the names of data fields. 

“It’s a very detailed picture of the 
application and how it will be used,” 
says Fiscu. “The key is to get every- 
body talking upfront. Testers, analysts 
and developers need to communicate 
as much as possible.” 

The basic goals of application life- 
cycle management (ALM) are fairly 
straightforward. They include ensur- 
ing adequate communication between 
the teams responsible for each stage 








ment lets successive increments of the project go though the cycles, 
allowing for constant feedback and course corrections. “It's never ben- 
eficial to use a waterfall approach, in my opinion,” says Barnes. But the 
iterative methodology is a cultural change and is often challenging for 


- Sue Hildreth 


| and preventing errors from progress- 


ing through the cycle, since it costs 
more to fix errors later in the develop- 
ment process than at the beginning. 
“The life cycle may appear obvious, 
but most organizations — close to about 
90% — do not know how to effectively 
manage the life cycle,” asserts Theresa 


| Lanowitz, an analyst at Gartner Inc. “If 


the life cycle was truly embraced with 
the right people, process and technolo- 
gies, we would see better-quality soft- 
ware and more efficient and effective IT 
organizations. As it is, most IT organi- 
zations waste quite a bit of their bud- 
get because they have bad business 
practices, fail to deliver on require- 
ments and fail to manage projects to 
meet schedule, cost and quality goals.” 


Quality From the Start 


Establishing clear communication 
channels among developers, testers 
and the business users is critical to 
successful life-cycle management. This 
needs to be made part of the process 
during the planning stage. 

At Staples Inc., the emphasis is on 
collaboration among everyone in- 
volved in the application’s develop- 
ment, testing and use, according to 
Kathy Murray, senior manager of qual- 
ity management at the Framingham, 
Mass.-based office products retailer. 

“We meet with our business partners 
to discuss the business requirements, 
with QA there as well so they under- 
stand the requirements,” she says. “The 
more time we spend in the definition 
phase, the better later phases go. There 
are studies that say 60% to 70% of bugs 
are introduced during the definition 
stage, and we find that to be true.” 
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Poor requirements are the root of 
most QA problems, says Arthur Povlot, 
an Atlanta-based business development 
manager at Tescom Software Systems 
Testing Ltd., a provider of QA services. 
“Very seldom do companies imple- 
ment quality ‘gates’ at the require- 
ments stage. For instance, you should 
have the requirements audited and 
signed off on by the people involved — 
business analysts, marketing managers, 
subject matter experts, etc.,” he says. 

Programmers tend to like to do 
things their own way. And though it’s 
probably counterproductive to bog de- 
velopers down with red tape, it’s nev- 
ertheless a good idea to implement 
some processes and procedures for 
consistency and quality control. 

Fiscu highly recommends requiring 
developers to perform specific QA 
tests on their code before handing it 
off — bugs and all — to the QA staff to 
fix. “Our development team receives a 
set of unit test scripts, like a high-level 
checklist. Development is done only 
when the checklist is done,” he says. 
“This way, we make sure we don’t push 
high-level defects from development 
into the test environment.” 

Another common difficulty in devel- 
opment that breeds software errors is 
keeping track of changes and versions. 
Configuration management and 
change management policies and 
tools help enforce a standard process 
for creating and testing code. 

American Greetings Corp. in Cleve- 
land, for instance, relies on AllFusion 
Change Manager from Computer As- 
sociates International Inc. to track 
changes to its code throughout the de- 
velopment process and enforce com- 
pany standards for development. 

“Someone can’t decide to use a dif- 
ferent compiler, for instance, or skip 
a test, because it’s all built into the 
process” in AllFusion, says Tom 
Brown, software manager at American 
Greetings. “To manage the life cycle 
means to keep the source code as cur- 
rent and consistent as far as the type of 
processes and compilers that we used.” 


Testing and More Testing 


While developers should do some ear- 
ly testing as they go, a full-blown test- 
ing process/department is crucial to 
finding and fixing bugs. After develop- 
ers pass off the code, it should be sub- 
jected to a variety of thorough checks, 
including functional testing to evaluate 
the flow and functional correctness of 
the program, integration testing, per- 
formance testing, security testing, and 

egression testing of updates and 
changes to a program. 





www.computerworld.com 


The Chicago Board of Trade per- 
forms a number of manual and auto- 
mated tests on applications, including 
unit testing by developers, performance 
testing using QACenter from Compu- 
ware Corp. and user-acceptance testing 
or functional testing by the traders and 
brokers who will use the software. 
CBOT also tests with an eye toward 
growth and heavier traffic in the future. 

“We are proactive, not reactive, so 
we test for future loads the systems 
may experience,” says David Burkhart, 
director of quality assurance at CBOT. 

Because of limits on time, technolo- 
gy and human capabilities, even the 
most sensitive, mission-critical sys- 
tems can’t be tested to 100% assurance. 
The question becomes one of how 
many tests to make and how much 
time to take. Povlot advises creating 
test cases for 100% of the application’s 
most critical requirements. (Test cases 
are lists of the input and expected re- 
sponses needed to test a particular fea- 
ture.) Overall, he says, you should be 
testing 90% of all requirements. 

Automated tools can help speed test 
planning and execution, especially for 
regression testing. “We’ve decreased 
our test cycle man-hours by 50%, en- 
abling us to increase test coverage by 
300%,” says Murray, who credits the 
improvement to Staples’ use of SilkTest 
by Segue Software Inc. and StarTest 
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from Star Quality in Hopkinton, Mass. 

Berkshire Life Insurance uses Em- 
pirix Inc.’s e-Test Suite to manage the 
testing process and speed regression 
testing. “The more enhancements we 
added, the more time the regression 
phase of testing took. Now automation 
frees up resources and also ensures 
consistency,” says Fiscu. 


Closing the Loop 

Once deployed, an application must be 
monitored and maintained. Soon, up- 
dates to the software will begin a fresh 
application life cycle, so information 
collected during production must be 
fed back into the requirements plan- 
ning of the next rendition. 

That is the strategy that The Dow 
Chemical Co. in Midland, Mich., fol- 
lows. Dow’s IT staff runs a variety of 
test scripts on new applications, using 
LoadRunner from Mercury Interactive 
Corp. After deployment, many of those 
scripts are run again, this time using 
one of Mercury’s monitoring packages 
— Topaz or SiteScope — to compare 
the results. Should a problem with the 
application be detected, the operations 
staff at Dow conducts an incident- 
review process to determine the cause. 

“Then we send that information 
back to development, or to the infra- 
structure or service teams, to make 
the appropriate changes,” says Rich 





<3 We are proac- 
tive, not reactive, 
so we test for future 
loads the systems may 
experience. 

DAVID BURKHART, 


DIRECTOR OF QUALITY ASSURANCE, 
CHICAGO BOARD OF TRADE 


Guidotti, lead architect specialist in 
Dow Chemical’s information systems 
group. 

CBOT also uses Compuware moni- 
toring software to catch problems. 
“We close the loop after it goes into 
production. If something happens once 
it’s in production, we'll have a meeting 
to discuss it, and that feedback goes 
directly to QA,” says Burkhart. 

A wide range of vendors has prod- 
ucts for one or more stages of the life 
cycle. A few are beginning to assemble 
suites aimed at being complete life- 
cycle management systems. IBM’s 
Rational unit provides an end-to-end 
product line, ranging from its Requi- 
sitePro for gathering requirements, 
modeling tools and testing tools to 
the postdeployment monitoring and 
maintenance products of IBM’s Tivoli 
software. 

Likewise, Mercury, Compuware, CA 
and Segue Software all either purport 


mill 


split-second securities trades a day for three 
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| to or plan to expand their product cov- 


| erage to hit every major phase of the 


application life cycle. 
Although an integrated platform 
might be an ideal, the current reality is 


| that organizations must select various 
| products from different vendors to au- 


tomate portions of the life cycle, such 
as requirements management, automat- 


| ed functional testing and postdeploy- 


| 


ment monitoring. Some offer interfaces 
to complementary products, but many 
do not, or at least not to every one a 
customer may happen to own. 

But life-cycle management is as 
much a matter of processes as it is the 
automated technology tools used to 
support it. So, integrated platform or 
not, say experts, the goal of ALM is to 


| minimize errors and omissions and in- 


crease the quality of the product. 
Or, as CBOT’s Burkhart says, it’s a 


| matter of learning from past mistakes 
| and not reliving them in each new cycle 
| of the application. “One of my underly- 


ing goals is to never repeat a mistake,” 


| he says. “Everyone makes mistakes; if 
| they didn’t, we wouldn’t need to test 


anything. But we strive to have quality 


| processes in place to prevent us from 
| repeating mistakes.” @ 55496 


Hildreth is a freelance writer in 
Waltham, Mass. She can be reached 


| at Sue.Hildreth@comcast.net. 
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OSPITAL IT infrastruc- 

tures form a complex 

transactional environ- 

ment in which pulling 

applications and infor- 

mation together can 
be not just mission-critical, but also a 
matter of life and death. 

Entrenched proprietary systems store 
patients’ clinical, radiological, demo- 
graphic and billing information as text, 
images and voice-annotated reports. 
That information must be dealt with in 
accordance with strict clinical priorities 
and federal regulations. An increasing 
number of health care organizations are 
using Web services and service-orient- 
ed architectures to make critical con- 
nections in their information systems. 

“We are building SOAs and Web ser- 
vices that will not only integrate differ- 
ent systems, but also take care of the 
hospital’s rules — a heart operation 
cannot be performed on the second 
floor, or anesthesia equipment cannot 
be located in the cafeteria, for exam- 
ple,” says Furrukh Khan, director of the 
Collaborative for Applied Software 
Technology at Ohio State University 
Medical Center in Columbus. 

Khan and his staff have developed a 
Microsoft .Net-based SOA that in- 
cludes Web services for connecting 
hospital monitoring equipment to 
back-end databases. Since .Net licenses 
were already in place, the Web ser- 
vices were developed for very little 
cost, Khan explains. 

Using Microsoft Indigo and Micro- 
soft Web Services Enhancements for 
.Net, which provide standards-based se- 
curity and other features to the Visual 
Studio .Net and .Net frameworks, Khan 
and his staff have linked anesthesia sys- 
tems with the hospital’s location ser- 
vices, which are stored in a McKesson 
Corp. hospital information system. 

As a result, physicians and other au- 
thorized users can view a patient’s 
picture and vital signs remotely on a 
Web browser, says Khan. 

Without Web services, the task of in- 
tegrating patient data in the clinical 
and departmental systems scattered 
throughout hospital facilities has been 
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monumental, say hospital CIOs. 

“I have clinical software from 17 ven- 
dors. All you're really trying to do is 
service the organization and doctors, 
but it’s a terrible struggle to get infor- 
mation between the different electron- 
ic environments,” says John Wade, vice 
president and CIO at Saint Luke’s 
Health System Inc. in Kansas City, Mo. 

Saint Luke’s uses systems from mul- 
tiple hospital software vendors, and 
even with in-house programming staff 
and funds at his disposal for integra- 


| 
| 
| 
| 
| 
| 


tion projects, Wade says it’s still very 
difficult to get information from one 
electronic environment to another. 
For example, the hospital has devel- 
oped a custom XML-based application 
for its Web portal. Called Post-It Note, 
the application translates Dictaphone 
voice into data to allow physicians to 
view and annotate a radiologist’s 
voice-based report on a Web browser. 
The patient data resides in a system 
from San Francisco-based McKesson. 
The use of XML has made the applica- 
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tion a service that’s accessible to a va- 
riety of systems, says Wade. 

Part of the difficulty in making infor- 
mation available to multiple systems 
has been the need to comply with 
entrenched hospital data-transaction 
standards such as the Health Level 7 
protocol. HL7 is used for interdepart- 
mental patient-data transactions 
among clinical systems, including hos- 
pital information systems and radiolo- 
gy, laboratory and cardiology systems. 
However, custom programming has 


\ says doctors can use Ohio State University Medical Center’s SOA to monitor patients’ vital signs via a Web browser. 
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often been required to integrate hospi- 
tal systems that use HL7 with systems 
that don’t use the protocol — essential- 
ly any software that’s not health-care- 
specific, including reporting and billing 
applications. As a result, hospitals can 
have hundreds of HL7 interfaces 
among systems that trade basic patient 
data, according to hospital IT officials. 

Hospital enterprise application ven- 
dors have had to provide interfaces 
and consulting services to their cus- 
tomers to ensure that all systems work 
together. However, this is cumbersome 
and isn’t achieving true integration, ac- 
cording to Barry Runyon, an analyst at 
Gartner Inc. in Stamford, Conn. 

“Hospitals are a heterogeneous envi- 
ronment with regard to platforms and 
applications, and by passing around 
HL7 to 10 different systems, they don’t 
integrate; they interface,” says Runyon. 
“Integration is far more intimate and 
requires knowledge of workflow, as 
well as a security model and other 
specifications.” 

More difficulty has arisen because 
vendors have been slow to relinquish 
their captured customer bases by mak- 
ing their applications easier to inte- 
grate with cornpeting systems. Even 
when two systems support HL7, IT 
staffers have had to create custom in- 
terfaces to make them work together. 

“Hospital system vendors don’t play 
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well with others,” says Ken Thomson, 
chief architect at the University of 
North Carolina Health Care System in 
Chapel Hill. “If you want to integrate 
their software with lots of other sys- 
tems, you're out of luck. We developed 
our own XML-based facades to their 
applications. They’re starting to realize 


| they’re never going to own the space. 


In the end, the customer will be the 


800-pound gorilla that changes this, 


because they need direct access to 
those applications.” 

At Boston-based CareGroup Health- 
care System, Web services technology 
has provided an efficient means of 
making diverse systems work together, 
says John Halamka, CIO of the four- 
hospital network. Using development 
products that were already in place, 
Halamka’s staff built an XML-based 
application called CareWeb to link 
12,000 users on 146 internal clinical in- 
formation systems — including labora- 
tory, radiology and pharmacy systems 
— across the organization. 

“Web services are the glue that you 
can use to create a virtual system,” says 
Halamka, who’s also a Computerworld 
columnist. “If you want to achieve 
seamless data integration, you can 
make your infrastructure one gigantic 
system or, cheaper and faster, you can 
use Web services.” 

Health care has lagged behind other 


transactions per day for the world’s 





Fis 


erenne 


industries in implementing SOAs, for 
both budgetary and historic reasons. 
IT budgets in the sector are a fraction 
of those in other industries. To make 
matters worse, HL7 didn’t include 
XML support until this past May. 
Moreover, the industry groups behind 
Integrating the Healthcare Enterprise 
(THE), a 7-year-old project of the 
Healthcare Information and Manage- 
ment Systems Society and the Radiolo- 
gy Society of North America, are just 
now planning to include XML schemas 
in the framework. 


| Waiting for Standards 


IHE officials say they have been wait- 
ing for standards bodies such as the 
World Wide Web Consortium and the 
Organization for the Advancement of 
Structured Information Standards to 
settle on security, identity, manageabil- 
ity and other issues before including 
full-blown Web services definitions in 
its framework. 

“Even though there is no current 
work being done within IHE, Web 
services are in our road-map vision. 
The key issue is the lack of mature 
health care standards specifications 
for Web services,” says Glen Marshall, 
co-chairman of the [IHE’s infrastruc- 
ture planning committee and IT archi- 
tect at Siemens Medical Solutions in 
Malvern, Pa. 


POFER AG 


busiest public agency. 
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For their part, vendors say they’re 


| working on the problem as their cus- 


tomers’ IT infrastructures grow more 


| complex and the need increases for 


customizable XML interfaces that sup- 


| port hospital workflow models. 


“With Web services, we're giving 
our customers a more predictable, reli- 
able means to integrate our software 
without needing programmers to do 
the heavy lifting,” says Michael 
Solomon, chief architect at IDX Sys- 


| tems Corp. in South Burlington, Vt. 


“This requires an investment by the 
vendors, who have to figure out how to 


| ‘expose’ their applications, and that’s 
| not easy to do, either culturally or 
philosophically.” 


As it stands, hospitals are forced to 
rely on only a few vendors — usually 


| no more than two or three — to ensure 


that their systems work together. But 


| even then, maintaining application in- 
| terfaces is a burden on IT staffers. 


“Early on, we standardized our ap- 
plications as part of the selection 


| process to make sure they integrate 


with each other, and they’re all vendor- 


supported. But we still have dedicated 


IT people for managing the traditional 


| interfaces,” says Nancy Barrett, direc- 


tor of information systems integration 


| and development for the Lifespan 
| health system in Providence, R.I. 


Hospital IT departments that are 
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Web services, “you had to either write the 
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yourself, or write it specifically to one type 
of software. Now the monitoring software 
sends requests to the SOA in XML, and 
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beginning to deploy Web services in an 
SOA have found that the technology 
not only eases integration between dis- 
parate systems but can also help them 
customize applications to the specific 
needs of their users. 

“The whole one-size-fits-all vendor 
model is flawed,” says Paul Chang, di- 
rector of radiology at the University of 
Pittsburgh Medical Center. “The user 
should be able to create the view they 
need of the application they’re using. A 
true Web services and SOA model is so 
promising because I can provide opti- 
mized tools to our users without re- 
inventing the wheel. Software should 
bend to the will of the user, not the 
other way around.” 

Whether an organization uses Micro- 
soft’s .Net or Java systems from IBM, 
BEA Systems Inc., Oracle Corp. and 
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others — or both — chances are that it 
has programmers with the skills need- 
ed to develop Web services, says Chang. 
| Established Web services standards 
such as Simple Object Access Protocol 
| (SOAP) and Web Services Description 
Language (WSDL), along with more 
recent standards that govern security 
| and reliability, give IT managers enor- 
mous flexibility, he says. 

“Our IT lab is split down the middle 
between programmers who use .Net 
and those who use Java. ... I can be 
completely agnostic. The Web service 
can be half Java and half .Net. Even Mi- 
crosoft and IBM will tell you it all 
works together,” Chang says. 

New Web services standards make 
hospital implementations of SOAs pos- 
sible, says Ohio State’s Khan. “Until re- 
cently, there were no standards for se- 


curity, reliable messaging or transac- 
tions. SOAP and WSDL were just the 
starting point. You could discover and 
talk to each other’s applications, but 
you had to do things like security your- 
self, which makes that part of the ser- 
vice proprietary,” he says. 


Shift in Thinking 
It’s precisely the diversity of IT infra- 
structure that makes a hospital an ideal 
setting for SOAs. Not only is the envi- 
ronment strewn with proprietary and 
legacy systems, but the hospital work- 
flow also requires a nimble software ar- 
chitecture to keep data moving smooth- 
ly around the enterprise, says Chang. 
“Traditional software capabilities 
aren’t enough, and traditional vendors 
can’t keep up because workflow always 
changes in the hospital,” he says. 
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“Imaging modalities alone can change 
every day.” 

Although the actual code work to de- 
velop Web services isn’t difficult, 
switching to an SOA makes business 
process analysis crucial, Thomson at 
the UNC Health Care System says. 

“Web services get rid of a lot of the 
complicated work. The XML piece it- 
self was one of the simplest parts for 
us to develop. It was much more diffi- 
cult to work out the business side,” he 
says. “It’s very important to know the 
structure of the XML document. You 
have to ask the right questions to de- 
cide things like what the data structure 
is, or the format of exchange for a 
medication list.” 

In small institutions, where both 
funding and staffing resources are in 
short supply, the mapping of business 
processes is important, adds Gartner’s 
Runyon. “Understanding the business 
requirements is what's difficult. Anyone 
can write a Web service. But you have 
to also ask things like, ‘Is it properly ab- 
stracted?’ Moving forward, hospitals 
will think about integration beforehand. 
Now, the [electronic medical record] is 
going to requixe well-thought-out busi- 
ness issues, both semantically and syn- 
tactically. It’s a whole other architectur- 
al dilemma,” he says. 

And Web services will become an 
integral part of the IT planning process 
because the work of developing cus- 
tom interfaces for every vendor will be 
eliminated, say hospital IT managers. 

“Much of whether or not to imple- 
ment Web services boils down to strat- 
egy. What organizations with SOAs are 
doing is putting together the muscle 
that will broker data from several dis- 
parate systems with or without the 
HL7 limitations,” says Scott Ogawa, 
chief technology officer at Children’s 
Hospital Boston. 

The hospital plans to use Web ser- 
vices to exchange data with its exter- 
nal partners in Massachusetts SHARE 
(Simplifying Healthcare Among Re- 
gional Entities), a regional collabora- 
tive initiative for data exchange operat- 
ed by the Massachusetts Health Data 
Consortium. But Ogawa also sees the 
potential for the technology inside the 
organization. 

“On the clinical side of things, we’re 
looking for ways to not have to tie sys- 
tems together using custom interfaces, 
but rather integrating them with Web 
services such that we don’t have to 
build broker solutions.” @ 55506 








Webster is a freelance writer in 
Providence, R.I. He can be reached 
at john.s.webster@verizon.net. 
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Summer Reading 


_ For Technophiles — 





ET’S FACE IT: An 
evocative whiff 
: of cocoa butter 
mam can get to even 
the most serious technol- 
ogy workers among us, 
inspiring them to ease 
up just a bit. Perhaps only 
a few will hunker down 
on a beach towel with 
Harry Potter and the Half- 
Blood Prince, but most 
will be ready for a break 
from service manuals and 
all those 5-pound tomes 
on Linux clustering or Windows 
forensics. 

The following titles should have ap- 
peal for the techno-savvy but are in- 
tended to provide something more 
entertaining or speculative than the 
customary deep dive into a sea of bits 
and bytes. Two of the books were pub- 
lished recently, but, as with any sum- 
mer reading list, an old favorite is here 
as well, ready to be revisited or discov- 
ered for the first time. 





@ High-Tech Crimes 
Revealed: Cyberwar Stories 
From the Digital Front, 
(Addi- 
son-Wesley, 412 pages, 
$29.99). Branigan has 
pulled off a very difficult 
balancing act. His be- 
» hind-the-scenes descrip- 
| tions of investigations 
ito cybercrimes have 
enough dark detail to 
' keep any reader 
turning the pages, 
engrossed in how 
the cases were cracked and the 
perps brought to justice. But 
High-Tech Crimes Revealed is 
also intended to be instructive, 
and through a variety of devices 
— clear explanations of criminal 
methods, intriguing statistics, 
charts, diagrams and tips boxes 
— it succeeds. Most readers will 
be entertained and gain a clearer 
understanding of cybercrime and 
the urgent need to stop it. 





@ It’s Alive: The Coming Con- 
vergence of information, Biol- 
ogy and Business, 


(Crown Business, 288 pages, 
$27.50). Initially published 
in 2003, this certainly wasn’t 


+ the first book to apply con- 


cepts from biology and oth- 
er natural sciences to IT 
and business, but it remains 
one of the most readable 
and provocative. It’s Alive is 
a 10-year look into the future 
toward what the authors call the 
“molecular economy.” The book pur- 
ports to be a management guide for the 
business environment created by that 
new economy, an environment Myer 
and Davis have dubbed the “adaptive 
enterprise.” But its 
most interesting 
passages deal with 
the science from 
which it builds its 
metaphors. 
Two years into 
the decade the au- 
were specu- 
about, some 


verheated, and 
the book covers so 
much ground so 
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quickly that it can trig- 
ger giddiness instead 
of thoughtfulness. 
But there’s certainly 
enough substance here 
to lure the reader to 
check in again in 2013 
to see how clear Myer 
-and Davis’ vision 
ed out to be. 


The Silicon Eye, 
(Atlas 
Books, 318 pages, $27.50). 
Gilder’s silicon sagas add 
more than a little extra drama to tales 
of technologists at work, and his sweep- 
ing statements about technology and 
society are sometimes hard to swallow, 
but he knows how to spin a yarn. 

The Silicon Eye tells the stor®»f 
Foveon Inc., a start-up that uses re- 
search that blends IT, optics and 
neurobiology in an effort to build a 
new kind of digital camera. Among the 
cast of real-life characters are Michelle 
Mohowald, the young scientist upon 
whose ideas the company rests, and 
Carver Mead, the legendary Caltech 
electronics guru. Their battle to make 
a dent in the market dominated by 
Japanese corporate giants is engross- 
ing and instructive. Find a shady spot 
and enjoy yourself. @ 55637 

— Tommy Peterson 
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What You’ll Learn 
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¢ Managing Storage Networking ¢ High Bandwidth Storage 
Solutions Applications 


¢ Managing Deployments of Existing ¢ Small Medium Business 
and Emerging Technologies Considerations 


¢ Deploying Storage to Meet Industry 
Regulations 


ami See SNW’s Interoperability & Solutions Demo 
No other storage event gives you: 
* 40-plus SNIA member companies collaborating on 
integrated solutions 


* the opportunity to meet leading experts and engineers 


Storage Analyst Briefing 


In this fast-paced session, IDC's top storage analysts will 
examine companies’ growing interest in deploying tiered 
storage solutions and assess its impact on storage compo- 
nents, systems, networks, management and services. 


For more information and to register, visit www.snwusa.com/cw or call 1-800-883-9090 
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Pre-Conference Golf Outing 

IDC Analyst Briefing : Serre ee Lt re 
“« SNW is so concentrated 
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of the overall industry ..” 


SNIA Technical Tutorials 

End User Town Hall Meeting } 
Speed Dating with IDC 
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12:00pm 


Pre-Conference Golf Outing 
Complimentary for Registered IT End-Users 


The Pre-Conference Golf Outing at The Ritz-Carlton Golf Club located for Sto 
adjacent to the JW Marriott Grande Lakes Resort, is complimentary one-st 
($125 value) for registered IT End-Users (other participants, including 
sponsors and vendors, may play on an “as available” basis and are 
responsible for all applicable golf outing expenses). 
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Got Questions About 
Enterprise Analytics? 


Computerworld’s IT Management Summit Has the Answers 


Beyond Business Intelligence: 
Using Enterprise Analytics to Drive 
Fact-Based Decisions 

New York, New York - August 9, 2005 


New York Marriott Financial Center - 85 West Street - New York City 


Looking to better understand enterprise 
analytics? Apply to attend Computerworld’s 
complimentary* half-day IT Management 
Summit: Beyond Business Intelligence. 


Enterprise analytics enable companies to 
make timely fact-based decisions using 
critical information from across the entire 
organization. By fully leveraging data, 
technology, skills and processes, successful 
users of enterprise analytics go beyond 
simply understanding the past, to predicting 
outcomes that improve overall corporate 
performance. 


This summit will feature the latest insights 
of business intelligence industry experts and 
will give you first-hand information on the 
innovations and experiences of companies 
successfully deploying enterprise analytics. 
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Getting Started on 
Database Security 


Our security manager takes a look at the 
agency’s info assets and realizes the appli- 
cation layer is the weak link. By C.J. Kelly 


66 SSET-CENTRIC se- 
curity” seems to be 
becoming a famil- 
iar phrase in the 


security world. However, 
identifying assets can be com- 
plicated. For many organiza- 
tions, assets are pieces of in- 
formation stored in numerous 
places: on local hard drives, on 
file servers, within databases, 
in various physical and geo- 
graphical locations, 
as well as in transit. 
The information 
could include cus- 
tomer or client data, 
protected health data, 
proprietary informa- 
tion or financial data, 
among other things. 

Thinking through the layers 
of security in our environment, 
I realized that the weakest link 
in the chain is at the applica- 
tion layer, which is where I see 
database security fitting in. 
Much attention has been given 
to auditing firewall rules, turn- 
ing off unneeded services on 
servers and patching operating 
systems, internetwork operat- 
ing systems and various appli- 
cations, such as Internet Ex- 
plorer. But it seems that not 
much attention has been given 
to database security and audit- 
ing. I know for a fact that no 
attention has been paid to it 
here, and I need to do some- 
thing about that, though I don’t 
have much experience in the 
subject. 

I’m responsible for numer- 
ous databases, including DB2, 
Access, SQL and MySQL. I’ve 
focused on making sure that 
they reside on the internal 
network and that the firewall 
rules are explicit for traffic to 
and from the Web servers in 
the DMZ. I've made sure that 
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servers are patched routinely, 
and I’ve audited Active Direc- 
tory users and account per- 
missions, but I’ve done noth- 
ing related to the databases. 
Now our agency is develop- 
ing a major new application 
using DB2, and I need to come 


up with security requirements. 


I have to educate myself on 
this, but where to begin? 

Well, it so happens that El- 
sevier Digital Press 
recently sent me the 
book Implementing 
Database Security 
and Auditing, by 
Ron Ben Natan. It 
has examples for 
Oracle, SQL, DB2 
and Sybase. (I think everyone 
agrees that using Microsoft 
Access databases for mission- 
critical applications is a mis- 
take. Access is used in the 
agency for small projects that 
are initiated and managed by 
individuals who have specific 
needs for manipulating data 
downloaded from various 
mainframes.) 

The first step in securing 
DB2 is to harden the environ- 
ment. The book provides a 
to-do list that includes items 


| like these: 


® Do not run DB2 as root 
(or as LocalSystem on Win- 
dows). 

® Verify that all DB2 files 
have restrictive permissions. 


| have to educate 
myseif on this, but 
where to begin? 





@ Remove default accounts. 

@ Remove sample databases. 

®@ Check for default pass- 
words and check password 
strengths. 

@ Close unnecessary ports 
and services. 

@ Remove all permissions 
granted to “public.” 

@ Restrict sysadmin privi- 
leges. 

So far, so good. Some items, 
such as the first one, seem ob- 
vious, but who knows — may- 
be the developer/programmer 
always runs his databases as 
root. Nothing should be as- 
sumed. But I learned some 
new information that I would 
not have known if I hadn’t 
been exposed to it by this 
book. Here are a couple of 
points for you to keep in mind: 

@ Never use client authenti- 
cation. Use DCE_ENCRYPT, 
SERVER_ENCRYPT or 
KRB_SERVER_ENCRYPT 
if possible. 

@ Revoke privileges on sys- 
tem catalogs like SYSCAT.- 
COLAUTH, SYSCAT.- 
DBAUTH, SYSCAT.INDEX- 
AUTH and SYSCAT.PACK- 
AGE-AUTH. 

This is a good list to start 
with, and I feel like I'll be on 
solid ground by following it 
and by making sure the data- 
base is at the latest patch level 
and keeping aware of the secu- 
rity bulletins that pertain to 
the database. I’ve e-mailed the 
to-do list to the consultants 
who are developing the appli- 
cation for us and are currently 
managing the database envi- 
ronment on one of our 
servers. No, I’m not passing 
the buck, and yes, it’s a little 
late in the game to be doing 
this, but better late than never. 

Besides this to-do list, I got 
some immediate assistance 
toward securing the database 
environment in the first chap- 
ter of the book, where the au- 
thor states that defining an 





| access policy is the “center 


of your database security and 


| auditing initiative.” Aha! That 


statement pulled me up to the 
30,000-foot level as I pon- 
dered why the author used 
this approach. The second 
chapter is an overview of the 
usual stuff involved in an in- 
depth security strategy. At this 


| point, I was hooked. Now that 


I had some traction, I wouldn’t 
mind reading through a chap- 
ter or two on concepts. 

Chapter 3 discusses how 
the database communicates on 
the network, and it contains a 
section on SMB/CIFS (Server 
Message Block/Common In- 
ternet File System). I was par- 
ticularly interested in that be- 
cause of recent vulnerabilities 
disclosed regarding the SMB 
protocol. 

So far, I’ve read the first 
four chapters (Chapter 4 cov- 
ers authentication and pass- 
word security). But flipping 
ahead, I can see that the book 
goes deeper and addresses 
some application coding is- 
sues that could be of concern, 
as well as Web services, stored 
and external procedures, row- 
level security, secure replica- 
tion mechanisms, how to set 
up an event monitor and trace, 
encryption, regulations and 
compliance, and, finally, audit- 
ing. One feature of the book 
that seems particularly valu- 
able is that it outlines the 
anatomy of various types of 
attack and describes how to 
prevent them. 

So, with the help of Ron Ben 
Natan, I’m making a start at 
securing our databases. The 
approach in his book works 
for me, and for the first time I 
feel like I have some direction 
in protecting our assets. Since 
those happen to include pro- 
tected electronic health infor- 
mation that belongs to the citi- 
zens of our state, any guidance 
I receive will be invaluable. D 


WHAT DO YOU THINK? 


This week's journal is written by a real 
security manager, “C.J. Kelly,” whose 
name and employer have been disguised 
for obvious reasons. Contact her at 
mscjkelly@yahoo.com, or join the dis- 
cussion in our forum: QuickLink a1590 


| To find a complete archive of our 


Security Manager's Journals, go online to 
@computerworld.com/secjournal 
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Remote Access 
Flaw Described 

A flaw in the software used to 
remotely access computers 


tems, but they could use it to 
repeatedly cause affected 
computers to crash. This 
would be done by creating 
specially crafted messages 
using the Remote Desktop 
Protocol. Microsoft is advising 
users to either block the port 
that uses RDP (Port 3389) or 
to disable the remote access 
features. 


Start-up Promises 
Low-Cost Offerings 
Start-up ConSentry Networks 
is expected to come out with 
an appliance this fall that it 
said will provide protection 
that’s similar to but less ex- 
pensive than comprehensive 
schemes laid out by estab- 
lished network vendors. The 
company has built three cus- 
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DEFINITION 
Remote administration Trojans are 
pieces of malicious software, or 
malware, that let intruders re- 
motely control computers across 
a network or through the Internet. 


BY JAN MATLIS 
HE WORLD of malicious 
software is often divid- 
ed into two types: viral 
and nonviral. Viruses 
are little bits of code that are 
buried in other codes. When 
the “host” codes are executed, 
the viruses replicate them- 
selves and may attempt to do 
something destruc- 
tive. In this, they be- 
have much like biolog- 
ical viruses. 

Worms are a kind 
of computer parasite 
considered to be part 
of the viral camp because they 
replicate and spread from 
computer to computer. 

As with viruses, a worm’s 
malicious act is often the very 
act of replication; they can 
overwhelm computer infra- 
structures by generating mas- 
sive numbers of e-mails or re- 
quests for connections that 
servers can’t handle. 

Worms differ from viruses, 
though, in that they aren’t just 


qty 





bits of code that exist in other 
files. They could be whole 
files — an entire Excel spread- 
sheet, for example. They repli- 
cate without the need for an- 
other program to be run. 
Remote administration 
types are an example of anoth- 
er kind of nonviral malicious 
2 ere the Trojan horse, or 
more simply Trojan. 
The purpose of these 
programs isn’t replica- 
tion, but to penetrate 
and control. Named af- 
ter the wooden crea- 
ture that the citizens of 
ancient Troy were tricked into 
taking into their fortified city, 
they are programs that mas- 
querade as one thing when in 
fact they are something else, 
usually something destructive. 
There are a number of kinds 
of Trojans, including spybots, 
which report on the Web sites 
a computer user visits, and 
keybots or keyloggers, which 
record and report the user’s 
keystrokes in order to discov- 
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er passwords and other confi- 
dential information. 

RATs attempt to give a re- 
mote intruder administrative 
control of an infected comput- 
er. They work as client/server 
pairs. The server resides on 
the infected machine, while 
the client resides elsewhere, 
across the network, where it’s 
available to a remote intruder. 

Using standard TCP/IP or 
UDP protocols, the client 
sends instructions to the 
server. The server does what 
it’s told to do on the infected 
computer. 

Trojans, including RATs, are 
usually downloaded inadver- 
tently by even the most savvy 
users. Visiting the wrong Web 
site or clicking on the wrong 
hyperlink invites the unwant- 
ed Trojan in. RATs install 
themselves by exploiting 
weaknesses in standard 
programs and browsers. 

Once they reside on a com- 
puter, RATs are hard to detect 
and remove. For Windows 
users, simply pressing Ctl-Alt- 
Delete won’t expose RATs, 
because they operate in the 
background and don’t appear 
in the task list. 


Nefarious Designs 
Some especially nefarious 
RATs have been designed to 
install themselves in such a 
way that they’re very difficult 
to remove even after they’re 
discovered. 

For example, a variant of 
the Back Orifice RAT called 
G_Door installs its server as 
Kernel32.exe in the Windows 
system directory, where it’s 
active and locked and controls 
the registry keys. 

The active Kernel32.exe 
can’t be removed, and a reboot 





won't clear the registry keys. 
Every time an infected com- 
puter starts, Kernel32.exe will 
be restarted, and the program 
will be active and locked. 

Some RAT servers listen on 
known or standard ports. Oth- 
ers listen on random ports, 
telling their clients which port 
and which IP address to con- 
nect to by e-mail. 

Even computers that con- 
nect to the Internet through 
Internet service providers, 
which are often thought to of- 
fer better security than static 
broadband connections, can 
be susceptible to control from 
such RAT servers. 

The ability of RAT servers 
to initiate connections can 
also allow some of them to 
evade firewalls, which are 
constructed to look for unso- 
licited incoming connections. 
An outgoing connection is 
usually permitted. Once a 
server contacts a client, the 
client and server can commu- 
nicate, and the server begins 
following the instructions of 
the client. 

Legitimate tools are used by 
systems administrators to 
manage networks for a variety 
of reasons, such as logging 
employee usage and down- 
loading program upgrades — 
functions that are remarkably 
similar to those of some re- 
mote administration Trojans. 
The distinction between the 
two can be quite narrow. A re- 
mote administration tool used 


by an intruder becomes a RAT. 


In April 2001, an unem- 
ployed British systems admin- 
istrator named Gary McKin- 
non used a legitimate remote 
administration tool known as 
RemotelyAnywhere to gain 
control of computers on a U.S. 


_How Remote Adm We be Tce Meet cls 
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Navy network. 

By hacking a few unguarded 
passwords on the target com- 
puters and using illegal copies 
of RemotelyAnywhere, McK- 
innon was able to break into 
the Navy’s network and use 
the remote administration tool 
to steal information and delete 
files and logs. The fact that 
McKinnon launched the attack 
from his girlfriend’s e-mail 
account left him vulnerable to 
detection. 

Some of the famous RATs 
are variants of Back Orifice; 
they include Netbus, Sub- 
Seven, Bionet and Hack’a’tack. 
These RATs tend to be fami- 
lies more than single pro- 
grams. They are morphed by 
hackers into a vast array of 
Trojans with similar capabili- 


ties. @ 55488 


Matlis is a freelance writer in 
Newton, Mass. You can reach 
him at jmtgpcmcm@aol.com. 


Are there technologies or issues you'd like 
to learn about in 2 easomned Send your 
id to quickstudy@ t ld 


To find a complete archive of our 
QuickStudies, go online to 
@computerworld.com/quickstudies 
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Stellent Upgrades 
Web Content Tools 


® Stellent Inc. has released Ver- 
sion 7.5 of Stellent Site Studio. 
The Web content management 
software now offers automated 
Web site migration capabilities, 
according to the Eden Prairie, 
Minn.-based vendor. Also includ- 
ed is a new tool that’s designed 
to let users quickly compare cur- 
rent and previous versions of 

a site. Available now, Site Studio 
is priced between $25,000 and 
$100,000. It’s included with the 
Stellent Web Content Manage- 
ment suite, which is sold as an 
option to Stellent Content Server. 


Mercury Partners 
With Peregrine 


@ Mercury Interactive Corp. and 
Peregrine Systems Inc. have an- 
nounced a partnership in which 
Mountain View, Calif.-based Mer- 
cury will integrate its application 
management tools with San 
Diego-based Peregrine’s asset 
and service management soft- 
ware. When the integrated sys- 
tem begins shipping later this 
year, customers will be able to 
use Mercury IT Governance Cen- 
ter with Mercury Application 
Mapping and Peregrine Service- 
Center to prioritize and manage 
IT change requests, conduct busi- 
ness-impact analysis and auto- 
mate deployment of changes, ac- 
cording to the companies. Pricing 
isn’t yet available. 


WebMethods Offers 
Compliance Tool 


= WebMethods Inc. has intro- 
duced webMethods for Compli- 
ance. The software system helps 
users continuously and automati- 
Cally verify the completeness, ac- 
curacy and validity of transactions 
and business processes in accor- 
dance with regulatory require- 
ments, according to Fairfax, Va.- 
based webMethods. Pricing for 
the system, which is compatible 
with Oracle and SQL Server data- 
bases, ranges from $300,000 to 
more than $1 million. 
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Coder Be Agile, 
Coder Be Quick 


NEW FORCE is making itself felt in the 

world of software development. Advocates 

of the agile development methodology 

(www.agilealliance.com) claim that its 

potential to increase productivity in some 
areas is so bright that coders are going to need to wear 
shades to write software with it. 


Instead of starting by de- 
veloping a detailed set of 
requirements, agile method- 
ologies call for program- 
mers to begin by writing 
small chunks of functional- 
ity that can be completed in 
two to four weeks — “itera- 
tions,” in agilespeak. Mod- 
ule testing receives the 
same level of attention as 
the actual writing of the 
code. When one iteration 
is done, developers find the 
next requirement to add more function- 
ality to the module just completed and 
thereby start a new iteration. 

Agile processes promise to deliver 
high-quality, functioning software at a 
fraction of the time and cost of tradi- 
tional methods. Still, agile isn’t likely to 
replace the so-called waterfall develop- 
ment methodologies, those proven 
ivory towers that have been used for the 


development of everything from missile | 
defined areas or functionality that’s 


guidance to widget-tracking ERP sys- 
tems. For many projects, especially big 
ones with relatively fixed requirements, 
the Software Engineering Institute and 
its family of Capability Maturity Models 
(www.sei.cmu.edu/emmi) are the gold 
standard and will remain so. 

What’s changed is product develop- 
ment in the era of global mass cus- 
tomization. You can’t afford a three- 
month requirements-definition phase 
whose pieces are nebulous and evolv- 
ing. The agile method has at its core the 
ascendance of trial and error over plan- 
ning and documentation or, borrowing 





more agilespeak, “early 
value delivery” over 
“formalism.” 

Agile tilts to a more 
intuitive but still disci- 
plined form of software 
development. Build and test 
a software module for that 
widget-tracking system 
with a very small, tightly in- 
tegrated team. Then inter- 
pret the requirements for 
that module in the testing 
and have the software built 

before the requirements even would 
have been developed using traditional 
waterfall methods. 

Agile already is showing up in main- 
stream software development. Some 
developers will see it first as part of a 
hybrid methodology, with some parts 
managed via waterfall methods and 
others spun off to agile. Likely candi- 
dates for spinning off to an agile team 
are software modules that include un- 


likely to change. 

Instead of waiting for dependencies to 
be resolved or customer inputs to catch 
up to requirements, put agile to work. 
Develop the test plan, build, and test 
with “Tinkertoy” interfaces that can be 
easily updated when the project catches 
up. Agile excels in this environment. 

The potential savings offered by the 
agile method force the global software 
development marketplace to take it se- 
riously. Its pros and cons are hotly de- 
bated. If agile does what its proponents 
claim, it will be disruptive technology 





for software development, changing 
everything. 

And if everything changes, there will 
be winners and losers. The winners will 
include a lot of those early proponents 
who were able to see and embrace the 
change — and who didn’t have a large 
stake in the entrenched way of doing 
things. The losers will mostly be devel- 
opment shops that have a large stake in 
the ancient regime and are unable or 
unwilling to embrace the change. 

Squarely in the sights of some agile 
proponents is the movement to off- 
shore development. Examined through 
an agile lens, those billions of dollars 
spent in developing software offshore 
are suspect. Is it better to write a great 
set of requirements and enforce an ele- 
gant project management system to 
gain the economic benefit of cheap off- 
shore development? Or should we be- 
gin defining an agile iteration in paral- 
lel with a test plan and begin writing 
software close to home for early deliv- 
ery of a functioning solution? 

Offshore development puts consider- 
able stress on some of the cultural prac- 
tices fundamental to agile, such as small 
teams working in close proximity, in- 
stant communication and tightly inte- 
grated testing. Disruptive technology 
changes the rules in Bangalore, Boston, 
Beijing and Berlin. Being close to the 
agile project— “visibility,” in agilespeak 
— puts a premium on proximity and 
new types of project management tools. 

But it would be a mistake to assume 
that agile brings a sustainable advantage 
to onshore developers in the U.S. Once 
the offshore community gets on board 


| with agile — and they are starting to do 


so — they will adopt new management 
tools and methods and continue to en- 
joy the same cost advantages they do 
now, albeit at a faster pace. @ 55661 
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Digital audio. Video. Records. Documents. Whatever form your information takes, IBM HAS AN INFORMATION 
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> With Sprint, BMW is beautiful. 


Innovation is at the heart of BMW, which is why they partnered with Sprint to help roll out the all-new 3 Series in a way that 
was as innovative as the car itself. Together, they introduced wireless kiosks to find hard-to-reach, first-time buyers in unexpected 
places. Powered by Sprint PCS Connection Cards’ these kiosks let potential customers experience and interact with BMW, 
then instantly relay their contact information to dealers through a centralized server. This enables BMW not only to collect and 
process new customer leads but also push content updates to each kiosk without a site visit. So maintenance becomes more 
efficient, and downtime is reduced. And to date, Sprint has helped generate more than 56,000 leads for BMW. With Sprint, 
more people experience BMW, and more cars roll off the line. Engineering a new way to drive sales — now, that's beautiful. 
With Sprint, business is beautiful” 


> Visit Sprint.com/beautiful for case studies or call 877-777-5568 > Wireless. Data. Voice. IP 
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Farewell to Fiefdoms Managers’ Forum 

The Southern Co. was ahead of Check out the debut of Paul Glen’s IT hiring activity is expected to be 


its time when it pioneered an IT advice column, in which he answers 
shared-services concept 10 years readers’ questions about the art and 

ago. Today, it’s reaping the benefits craft of management. One reader asks 
on the bottom line and in the career : how to manage a CIO with a bad case of 
paths of its CIOs. Page 42 “rock-star-itis.” Page 44 


brighter in the third quarter because 

of business expansion, especially among 
large companies and in New England, 
according to a new report from Robert 


| 
Career Watch 
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for longer periods of time. read data stored under older 
While content may be king in versions. 
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which the data is stored degrade rela- 
tively quickly. “Ten years is pushing it 
as far as media permanence goes,” says 
Jansen. 


Varied Approaches 

Today, the only safe path to long-term 
archiving is repeated data migration 
from one medium and application to 


another throughout the data’s life span, | 


experts say. 

But the storage industry is working 
on the problems from various angles. 

One solution to the backward-com- 
patibility problem is to convert data to 
common plain-text formats, such as 
ASCII or Unicode, which support ali 
characters across all platforms, lan- 
guages and programs. Using plain-text 
formats to store data enables virtually 
any software to read the files, but it 
can cause the loss of data structure 
and rich features such as graphics. 

Another approach is to use PDF files 
to store long-term data. There can be 
backward-compatibility problems with 
PDFs, but the file format’s developer, 
Adobe Systems Inc., has created an 
archival version of its software, called 
PDF/A, that addresses them. 

To date, the most promising stan- 
dard data-storage technologies are 
emerging in new XML-based formats, 
according to analysts and studies. XML 
is a file format and self-describing 
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| markup language that is independent 
| of hardware and operating systems. 


On the media side, the Storage 


Networking Industry Association 


(SNIA) is working toward solving 
what it calls the “100-year archive 
dilemma” through a standards effort 
for media. The goal is to store data in a 
format that will always be readable by 
a generic reader. 

“Degrading media is not at all the is- 
sue. Rather, the real issue is long-term 
readers and compatibility — the logi- 
cal problem which we intend to ad- 
dress,” says Michael Peterson, presi- 
dent of Strategic Research Corp. in 





Santa Barbara, Calif., and program di- 
rector for the SNIA Data Management 
Forum. 

Some businesses are postponing the 
long-term archival problem with large 
farms of disk arrays, which keep data 
online and accessible. Jim Damoulakis, 
chief technology officer at Framing- 
ham, Mass.-based consultancy Glass- 
House Technologies Inc., suggests that 
companies look into using an emerg- 
ing class of inexpensive disk arrays as 
a storage medium. “At least you know 
the data is there and readable,” he says. 
“A tape or optical media sitting in a 


| vault can degrade.” 


The new disk arrays, sometimes 


| called disk libraries, are based on rela- 


tively inexpensive ATA disks, formerly 
used only in PCs. 

Peterson says that this is a tempo- 
rary solution, however. “Long term, I 
am not sure that current disk inter- 


| faces won’t have the same migration 
| problem [as tape],” he says. “Whether 


it is tape or disk, you are going to have 
to migrate.” 


Managing Metadata 
Meanwhile, users struggle on. Last 
October, for example, Jansen and his 
IT team completed a three-year proj- 
ect to create an open-systems-based 
archive management center for the 
state of Washington that will house 


BEFORE YOU ARCHIVE 


AS ORGANIZATIONS struggle 
with the physical problems as- 
sociated with archiving, many 
are also addressing the theo- 
retical underpinnings. They 
are beefing up their policies 
around how they classify and 
store data, partly in response 
to regulations such as the Sar- 
banes-Oxley Act and the 
Health Insurance Portability 
and Accountability Act. 

“Unquestionably, the foun- 
dation of any archiving system 
is strong records management 
skills,” says Adam Jansen, a 
digital archivist for the state of 
Washington. 

And while the development 
of products and standards will 
help companies as they deal 
with backward compatibility of 


software and degradation of 
media, records management is 
something they can begin to 
tackle today. 

Any archival scheme should 
start with creating an audit trail 
to ensure the authenticity of 
the data, says Jim Damou- 
lakis, CTO at GlassHouse 
Technologies. The plan should 
also include categorizing data 
according to its importance, 
which can dramatically affect 
the cost of the systems. “With- 
out an archiving strategy in 
place - and that's common 
today - your entire storage 
infrastructure will be eaten up 


over time with legacy data,” he | 


says. “Going through the exer- 
cise of doing some level of 


| data identification and classifi- 


cation is a critical first step.” 
Mario Carlos, head of IT at 
Manila Electric Co. in the Philip- 
pines, says he began to formu- 
late a long-term preservation 
plan by prioritizing his data. 
His priorities are based on reg- 
ulatory requirements, econom- 
ic feasibility, operational ease, 
obsolescence, available tech- 
nology and the difficulty of 
changing current operations. 
To assist in records man- 
agement, information classifi- 
cation management software 
and appliances have been 
emerging over the past year 
from vendors such as Kazeon 
Systems Inc., StoredIQ Inc., 
Arkivio Inc., Index Engines Inc. 


| and Scentric Inc. 


The technology scans un- 


Tm er ly 
the exercise of doing 
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structured file data and applies 
lexicons of keywords to identify 
likely target documents. For ex- 
ample, the engines can be set 
to identify data related to com- 
pliance with Securities and 
Exchange Commission regula- 
tions or HIPAA, or to earmark 
data for legal discovery. 

~ Lucas Mearian 
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records from 3,300 state and local 
agencies in perpetuity. 

The center, in Cheney, Wash., cur- 
rently stores STB of data and is expect- 
ed to grow to 25TB by the end of the 


year. It cost about $1.5 million for man- 


agement software and hardware, in- 


| cluding servers, a storage-area net- 
| work and tape drives. Washington 


spent $1 million more on a joint devel- 
opment project with Microsoft Corp., 
which is helping the state create what 
it hopes will become an open format. 

“We want to avoid proprietary file 
formats to the extent it’s possible,” 
Jansen says. 

He says that the most important part 
of any long-term archival system is 
centralizing the backup of data in or- 
der to be able to standardize the stor- 
age method. At the heart of the state’s 
archival system is the storage of meta- 
data, the information that describes 
the data. 

When documents are transmitted 
over the WAN to a central data center, 
information such as who created the 
document, what type of document it is, 
where it was created, when it was cre- 
ated and why is was created is cap- 
tured and stored in a SQL database. 
That way, “20 years from now, you 
don’t have to know that particular doc- 
ument, but you can perform a search 
based on the record type,” Jansen says. 

The state’s system also notes which 
computer originated the data. “We 
capture the actual IP address, CPU 
type and Ethernet adapter. We get the 
digital fingerprint of that computer,” 
says Jansen. This helps to prove the 
authenticity of data. In addition, the 
state issues a digital certificate for 
any document using the MDS hashing 
algorithm to verify the authenticity of 
that data. 

Most data is kept in a standard for- 
mat: Word documents are turned into 
PDF files, and images are converted 
into TIFF files. 

Jansen says he is considering using 
Microsoft's Office 12 and its new XML- 
based file format as a standard archiv- 
ing format in the future. 

And virtually everyone hopes that 
standard — or another one — will stick. 
Peterson sums up the 100-year dilemma 
this way: “There aren’t what we'd call 
standards for long-term archiving — 
only best practices.” @ 55446 


YOU THINK YOU NEED STORAGE? 


The National Archives is planning a system to store 
every White House e-mail, starting with those created 
during President Clinton's second term 
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Moving to shared IT services has boosted The 
Southern Co.’s bottom line - and the careers 


of its divisional CIOs. 


N THE 24 YEARS that Bart Wood 

has worked at The Southern Co., 

he’s done everything from cost 

accounting to managing power 

delivery. But Wood’s background 

in customer service has served 
him particularly well over the past 
eight years as CIO at Georgia Power, 
one of seven operating companies for 
Southern, a super-regional energy 
provider based in Atlanta. 

That’s because Wood, like other divi- 
sional CIOs at Southern, is responsible 
not only for overseeing IT activities at 
Georgia Power but also for managing 
customer service, marketing and hu- 
man resources systems operations for 
all of Southern. 

Similarly, Aline Ward, a 21-year 
company veteran, is not only CIO at 
Southern’s Mississippi Power operat- 
ing company but is also responsible for 
the entire company’s transmission and 
distribution systems. 

Wood and Ward personify South- 
ern’s IT shared-services organization, 
which the company pioneered in the 
mid-1990s. “We were way ahead of our 
time,” says Ward. “There was no one 
else doing anything like this 10 years 
ago, so there was no one to model our- 
selves after.” 

The shared-services effort was 
spearheaded by then-CIO Tom Fan- 
ning, who is now Southern’s chief fi- 
nancial officer. Fanning wanted to cre- 
ate synergies among operating units 
and reduce costs by providing com- 
mon desktop support, application 
maintenance and other IT services to 
Southern’s operating companies. 

Prior to the formation of the IT 
shared-services organization, known 
as Southern Company Services, there 





was a lot of redundancy even within 
single divisions. Individual operating 
companies often used several systems 
— three or four accounting systems, 
for example — for the same purpose. 
There was also little commonality 
among operating systems or e-mail 
platforms used by each entity. 

This buildup of redundant systems 
was the result of “little fiefdoms” that 
had cropped up in each of the operat- 
ing companies, Ward explains. 


‘Throwing Jell-0” 

It wasn’t easy to convince all of South- 
ern’s far-flung IT workers to buy into 
the notion of a shared-services IT 
organization. 

“There were some folks [in IT] who 
didn’t want to be centralized. It was 
like throwing Jell-O on the wall and 
hoping it would stick,” says Becky 
Blalock, who has been Southern’s se- 





nior vice president and CIO for the 
past three years. 

Blalock worked outside of IT during 
the first 18 years of her career before 
becoming CIO at Georgia Power in 
1995, and that helped her drive the cen- 
tralization effort, at least within her 
business unit. “Being an outsider to IT 
was almost an advantage to me, since I 
didn’t have any emotional attachments,” 
she says. 

Fanning’s charisma and his vision 
for IT helped smooth the transition to 
a shared-services environment; the 
fact that divisional CIOs picked up 
functional responsibilities also helped, 
Ward says. Before then, “we [in IT] 
were all essentially order takers, and 
Tom Fanning wouldn’t stand for that,” 
she recalls. 

Another step that eased the transi- 
tion was the creation of technology 
leadership teams for each functional 
area. For example, Ward meets month- 
ly with nine business and IT delegates 
from different operating companies to 
discuss transmission and distribution 
issues, such as technologies that could 
help make Southern’s transmission 
grid more reliable. They also monitor 
and update the company’s progress to- 
ward meeting goals in a five-year mas- 
ter plan for each functional area. And 
the group frequently evaluates up- 
grades and replacements to core sys- 
tems such as job estimating and track- 
ing systems, Ward adds. 

It’s all part of a strategy aimed at 
helping Southern run as efficiently 
as possible, with each operating unit 
responsible for its own profits and loss- 
es. “We have to be successful as oper- 
ating companies, but we also have 
to be successful as Southern Co.,” 
says Ward. 

The division of functional responsi- 
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bilities among the CIOs “seems rather 
unique to Southern,” says Rick Nichol- 
son, an analyst at Energy Insights, a 
unit of market research firm IDC. 

And because Southern is trying to 
centralize those activities, “it makes 
sense to have one person responsible 
for each area,” says Zarko Sumic, an 
analyst at Gartner Inc. 


Pioneers and Mavericks 
Southern is used to taking pioneering 
approaches to IT and business. It was 
one of the first companies to create 
roles for business analysts as liaisons 
between IT and the business units, 
says Ward. And when the dot-com 
boom and explosive economic expan- 
sion in the U.S. were leading many or- 
ganizations to put more IT responsibil- 
ities in the hands of business man- 
agers, the energy giant began centraliz- 
ing its IT operations. 

Southern’s maverick approach 
seems to be working across the board. 
The systems consolidation and cen- 
tralization effort has helped the com- 
pany slash both its budget and head 
count. And according to Blalock, the 
shared-services group received its 
highest-ever customer satisfaction rat- 
ings in 2004. “We are definitely doing 
more with less and doing it very well,” 
she says. 

Having functional responsibilities 
also provides terrific career opportuni- 
ties for divisional CIOs like Wood, 
since they are able to develop critical 
IT and business management skills 
that can eventually be applied to other 
parts of Southern’s operations. 

“If you asked me what my next job 
would be, it would probably be as head 
of customer service for an operating 
company,” Wood says. 

That kind of career path is plausible 
for business-savvy CIOs like Wood, 
says Nicholson, “because they’re very 
versed in that business process and its 
reliance upon IT.” @ 55450 
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cussion on the art 
and craft of man- 
agement. I’ll do 
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Ram ett mes tote 
tions, and there 
willbe room for your responses as 


nT 
é perience in IT and am pursuing my 

MBA in management technology. 
Although I’ve earned several certificates for 
computer training courses throughout the 
years, | have no Microsoft certifications. 
After earning my MBA, will | need to have 
some certifications under my belt if | want 
to gain a management position in IT? It 
sounds like you have committed your- 
self to a career of learning, and not 
only is that admirable, it’s necessary to 
grow and advance — congratulations! 
You're at a major crossroad in your ca- 
reer, and it’s time to make some hard 
decisions. 

Early careers are driven by increas- 
ing your depth and breadth of techni- 
cal knowledge. One very popular way 
to demonstrate continued technical 
growth is with certifications. As you 
learn, you are able to deliver more val- 
ue to your employers and should be 
recognized, compensated and promot- 
ed for the increased value. 

But at some point, you have to decide 
how you are going to continue to add 


—* 
es 


| have more than eight years of ex- 
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more value to your organization. On 
the path of technical value, you become 
ever more specialized and narrowly fo- 
cused on your technical knowledge. 
You deliver more value through the 
depth of your knowledge. On the path 
of managerial value, you add more val- 
ue by making others more productive. 

If you are committed to going the 
managerial path, forget about the 
MCSE. It will do nothing for you or 
your employers, since the technical 
value you can add will diminish rapidly. 

If you want to continue to be pri- 
marily technical, get the MCSE. Slow 
down on the MBA but don’t quit it al- 
together, because deeply technical 
people with good business knowledge 
are even more valuable than those who 
have none. 

While it may seem attractive to try 
to go both ways, it’s not possible for 
any but the most amazingly energetic 
and talented people. The technical 
people who can manage brilliantly are 
the alien abductees of the IT world. 
There are far fewer people who can do 
this than there are people who think 
that they can. 


The staffers don’t want to take the 
bs ° time to fill out time reports on 

what projects they are working on, 
their supervisors don’t care enough to en- 
force it, and management won't do anything 
but “remind them.” What can | do? If the 
staff doesn’t care about it, the supervi- 
sors don’t care about it, and the execu- 
tives pay only lip service to these re- 
ports, they probably aren’t really im- 
portant. If you are trying to collect 
data that no one uses, it’s hopeless. 
Don’t bother. 

Just get rid of the rule. Having unen- 


forced and widely disregarded rules 
can breed an attitude of contempt for 
all the rules. In IT deparcments, for 
every rule imposed, management pays 
a price in flexibility, morale and re- 
spect. Pick your rules carefully, and 
then enforce them appropriately. 

If you want people to track their 
time closely, they need a good reason 
to do so. Let the staffers estimate their 
own work, and use the time tracking to 
test the accuracy of their estimates. 
That will help them learn how to im- 
prove their estimation skills, so they 
may put up with it. 

If you want the supervisors to insist 
on time tracking, they should be evalu- 
ated not on enforcing the rule, but on 
using the information to bring their 


projects in on time. 
‘é cused on the work of the company 
rather than spend large percent- 
ages of his time public speaking and apply- 
ing for awards? I’m afraid that the ClO may 


How do | guide my CIO to stay fo- 


: be getting “rock-star-itis.” | know the teams 


need recognition beyond the company, but 
what's the right balance? If your CIO is 
more interested in building his public 
profile than in running the IT function, 
you've got a real problem. In my book 
Leading Geeks, I suggest that an IT 
leader has four key responsibilities: 

® Furnishing internal facilitation. 

® Providing external representation. 

@ Nurturing motivation. 

@ Managing ambiguity. 

If a CIO is focusing on any one of 
these to the exclusion of others, the or- 
ganization suffers. The CIO is shirking 
important parts of his responsibilities 
and needs to either change his approach 
or be replaced. 

Being an active member of the IT 
management community is an ad- 
mirable and valuable thing for a CIO. A 
speech here or there, a magazine inter- 
view or two, or even serving on the 
board of a professional association is a 
good thing to do. But it doesn’t take 
that big a time commitment. And while 
the PR generated by CIO awards isn’t 
a bad thing for any company or the 
morale of the IT staff, it does rather 
little to keep the systems running. 

Rock-star behavior is personal glory- 
seeking, not effective representation 
of the IT group. That stance is easily 
spotted by the staff and is appropriate- 
ly met with derision and disgust. 

There are no rock stars in the IT 
world. We do things that are absolutely 
essential but hardly glamorous. If 
someone is just résumé-padding, he 
needs a good kick in the rump roast. 

@ 54660 
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WHILE WE'RE ON 
THE SUBJECT... 


H kills IT employers 
factive j ; Yes 


Ability to think strategically 
Ability to think analytically 
re ety 
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Quantitative skills 


itso ental: 
think MBA g 
Leadership 


Ability to make decisions 
PUM a mee Le 


Interpersonal skills 
Initiative/risk-taking ability 
Written communication skills 


SOURCE: GRADUATE MANAGEMENT ADMISSION 
COUNCIL 2005 SURVEY OF 1,691 RECRUITERS 
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IF YOU'RE A CIO WHO ENJOYS being in 
the public eye, one of Gartner Inc.'s CIO must- 
do resolutions for 2005 may be just the ticket: 
Notch up your external public relations activi- 
ties, Gartner advises, but first get professional 
advice. 

That means moving beyond the occasional 
conference presentation to learn how to deal 
with a tougher audience: the press. But the pay- 
off is the ability to bring flattering attention not 
only to yourself, but also to your IT group and 
your company. “Compared with their business 
peers, ClOs are often ill-prepared to deal with 
the press, resulting in ineffectual or counterpro- 
ductive public statements,” Gartner says. “Op- 
portunities exist to gain competitive advantage 
from PR, but you should professionalize your 
competence.” 
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Resist the temptation to comment 
about the future of a technology that 
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where information lives* 


Fr: being alone with your information management challenges 





To: getting all the help you need 





EMC SERVICES CAN HELP YOU GET MORE FROM YOUR INFORMATION. With EMC, you get the combined 
expertise of over 7,000 consultants, specializing in everything from comprehensive analysis and long-term 

planning to proven implementation and support. It’s the insight you need to archive information efficiently, 

enable compliance, maintain business continuity, and take on new challenges. And it’s the first step toward 
creating an information lifecycle management strategy that fits your business. To put EMC’s award-winning 

services to work for you, visit www.EMC.com/services, ae 


EMC’, EMC, and where information lives are registered trademarks of EMC Corporation. © Cama 2005 EMC Corporation. All rights reserved. 
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Haii of the Fortune 500 companies have 
dealt with at least one incident related to 
computer pornography in the workplace 
over the past 12 months, according to a 
survey released last month. 

Corporations are taking the problem seri- 
ously; survey respondents said that those 
responsible were fired in 44% of the cases 
and disciplined in 41%. 

The survey was con- , 
ducted by Delta Consulting, iy 
an Atlanta-based market 
research company. The 
respondents were executives from 50 of the 
Fortune 500 in industries, including manufac- 
turing, retail, health care, banking/financial 
services and telecommunications. The indi- 
viduals polled ranged from senior vice presi- 
dents to managers. 

Of those polled, 74% said they were fully 
aware that computer porn in the workplace can 
form the basis for employee claims of sexual 


Time to 
Get Away 


Do employees in 
your organization feel 
more comfortable taking 
time off this year? 


SOURCE: WORKFORCE MANAGEMENT 
MAGAZINE ONLINE POLL. JULY 2005 
457 RESPONDENTS 


WORKPLACE 


harassment and a hostile work environment. 
However, only 54% described themselves as 
being totally cognizant that attorneys looking for 
evidence in such cases will first want to see a 
company's records on Internet usage, e-mail 
traffic and images on hard drives. 
“At the root of the issue, companies 
are liable - it's their equipment and their 
employees,” said Alain 
Recaborde, principal of 
Delta Consulting. “Not all 
of them realize that.” 
Recaborde split the 
people polled into three groups. Twenty-five 
percent, particularly those at the senior exec- 
utive level, were very sensitive to the topic of 
computer porn at work and the legal issues sur- 
rounding it. But on the flip side, another 25% 
didn’t seem to be aware of the issue or con- 
cemed about it. “Then, there’s 50% in the mid- 
dle who could go either way,” Recaborde said. 
- China Martens, IDG News Service 


ters) 
president 


Staffing Solu- 
tions Ltd., War- 
rington, England 


It might just have 

elie Mt) || OME OTL 

Vea eee yl 
ner month for job creation. Ac- 
cording to the Bureau of Labor 
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100;000 more than analysts had 
Codie cite 

The gains also reflected an 

uptick in the hiring of temporary 
IT workers, according to Yoh, a 
staffing and outsourcing services 
firm with more than 80 locations in 
the U.S. and U.K. Computerworld’s 
Thomas Hoffman spoke with Yoh’s 
Charlie Jones about hiring trends 
eur am LCs 


What were you able to glean from the 
April jobs report in terms of hiring 
prospects for temporary IT workers? 

| think you're gcing ts start seeing an upward 
spiral. Everything that we've been seeing indi- 
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cates that there’s increased demand for IT 
professionals across all regions and within 
different parts of companies. We've been 
seeing a fairly substantial increase in demand 
for project managers, application developers 
- especially in [enterprise application integra- 
tion] technologies. There's a big increase 

in demand for Java-type skills, a nice blip in 
the ERP/CRM world and also in the data 
warehousing space. 

In the last couple of years, IT budgets were 
slashed and new project developments were 
put on the back burner. Now, some of those 
monies have been freed up, and organizations 
are looking at what types of projects are go- 
ing to drive ROI, and that's where we're see- 
ing the greatest increase in activity. 


Are there particular industries where 
hiring for temporary IT workers is 
strongest? A lot of work is becoming avail- 
able in banking and finance. There are some 
nice increases in pharmaceuticals. We've 
seen a substantial blip in the retail sector. 


How is this affecting wages? Over the last 
few years, wages had been compressed. 
Now, hourly wages are going up for contract 
consultants, with a lot of higher-end profes- 
sionals getting multiple offers. We're seeing 
more and more counteroffers and an increase 
in the bill rates that we're sending back to our 
clients. It's even starting to outstrip supply, 
which will cause labor rates to increase. 


Is there any way to quantify the increase 
in wages over the past three to six 
months? | haven't put the pen to paper on this 
yet, but it looks like it’s a 5% to 6% increase 
since the beginning of the year. @ 55314 


> Cisco network administration 


Check Point firewall 


_ administration 


Visual Basic development 
Active Server Page 
development 


-Net development 
XML development 
Linux administration 


Oracle database management 
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QUICK HITS 


Open-Source 
What are your plans for 
open-source software? 


Base: 140 North American companies 
Percentages don't equal 100 because of rounding 


Base: 128 North American companies 
Percentages don't equal 100 because of rounding. 


SOURCE: FORRESTER RESEARCH INC 
CAMBRIDGE. MASS. JUNE 2005 


if you're not using or 
planning to use open-source, 
why not? 
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STEFAN STEURS 


Offshoring: 
View From Europe 


’M A READER OF Computerworld on the other 

side of the Atlantic. When I read “The ‘O’ Word 

Reconsidered” [QuickLink 54064], I was glad to 

see that someone in the U.S. was treating this 

subject from a different point of view than the 
one I’ve been hearing and reading lately. 

The stance on outsourcing taken by some U.S. citi- 
zens in articles, columns and e-mails is sometimes grim. 
At some point, it often starts to sound very arrogant, 
not to say racist. Here are the arguments, as I see them: 


Americans frequently 
question the quality of 
“offshore” education. But 
there are good universities 
all over the world teaching 
students in English about 
IT so they can become 
well-educated software de- 
velopers. Education is the 
way forward to democracy 
and prosperity, so shouldn’t 
we be happy that those peo- 
ple can get it? Democracy 
and prosperity are what 
we're all after, aren’t they? 

Moreover, the power of 
numbers can’t be denied. 

The “offshore” workforce accounts for 
one-third of the world’s population. 
And improving education systems and 
emerging modern infrastructures will 
generate more pools and pockets of 
talent, whether we like it or not. 

What’s more, the quality of the soft- 
ware that we in the West have been 
building has often been criticized, too. 
Are we in a position to pass blame to 
other people about lack of quality 
when we haven’t been doing such a 
great job ourselves? 

Wages are another point of con- 
tention. A lot of people in the “off- 
shore” countries are very motivated 
and work for far less than their Euro- 





pean and American col- 
leagues. For people with 
fewer opportunities, lower 
wages are better than no 
wages at all. 
True, Americans and 
Europeans sometimes lose 
jobs to these people, but 
aren’t we over-represented 
in terms of the proportion 
of the world’s IT workers 
to our relative populations? 
Can it be called fair that we | 
deny people of the largest 
countries in the world a 
fair share of the market? 
The Asian market is de- 
veloping quickly. It represents a giant 
opportunity, and protectionism won't 
buy a lot of goodwill. 

Involvement, on the other hand, will 
lead to mutual benefits. Don’t forget 
that when these local economies get 
going, they’ll become markets for the 
products and services you'll be offer- 
ing tomorrow. 

We've seen other sectors going 
through the same motions. Producers 
of goods like clothing and electronics 
have mostly abandoned the U.S. and 
Western Europe in favor of places 
with cheap labor, relaxed ecological 
rules and low-priced raw materials. 





This has not always happened in a 


www.computerworld.com 


very fair way, and sometimes it has 
looked like exploitation. 

Fortunately, IT requires educated 
and skilled people, a decent infrastruc- 
ture and appropriate working condi- 
tions. Even our IT equipment’s need 
for clean and climate-controlled oper- 
ating conditions makes the playing 
field more level. 

I can appreciate that IT workers feel 
threatened, but fear is a bad factor in 
decision-making. A better reaction is 
to make sure that you can be competi- 
tive. If you are good at what you do, 
then strive to get even better — work 
harder, be flexible and enhance your 
knowledge and skills. 

IT has made this world smaller and 
more connected, and the outsourcing/ 
offshoring of software development 
can help create the global village we 
say we're seeking. In this village, we 
will all be neighbors, and good neigh- 
bors are what we need. Such a village 
requires mutual respect, involvement 
and cooperation, not isolation and 
fortresses. 

The idea of a level playing field may 
not be appealing to the politicians who 
seek to protect power and influence or 
to the big corporations that, above all, 
want to maximize profits and lower 
production costs. It may not seem ap- 
pealing to people who might lose their 
jobs. Nevertheless, not accepting fair 
and equal opportunities for all the 
people who live in this village can’t be 
the way to go. 

Advances will be in the interest of 
the whole world, not limited to a lucky 
few. If you don’t get involved in global- 
ization, if you don’t develop your rela- 
tionships, then chances are you will be 
overtaken and left behind. @ 55190 


WANT OUR OPINION? 


For more columns and links to our archives, go to 
www.computerworld.com/opinions 
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HP PROLIANT BL20p G3 BLADE SERVER 


with ProLiant Essentials Management Software 
* Up to 2 Intel® Xeon™ Processors (3.60GHz/2MB) 
* High density: Up to 48 servers per rack 
+ Flexibie/Open: Integrates with existing infrastructure Simple to set up, simple to monitor, s mple to manage. It a te +}, eR 
+ HP Systems Insight Manager™: Web-based networked - 

managment through a single console 
* Rapid Deployment Pack: For ease of deployment and 

Ng provisioning and reprovisioning 


The HP ProLiant BL20p G3 blade server with the Intel® Xeon™ Processor simplifies server management 


Pn 
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ement teatures let you manage your se 


SA1500 to ma 


can bundle it with | 1P StorageWorks M 


and affordable. So with HP, you get more expertise before yOu Duy 


HP STORAGEWORKS MSA1500cs 


Get 2TB of Storage Free ($2,800 Value) 

+ Up to 24TB of capacity (96 250GB SATA drives) 

+ Up to 16TB of capacity (56 300GB SCSI drives) 

* Ability to mix SCSI and Serial ATA enclosures 
for greater flexibility 


+ 2GB/1GB Fibre connections to host SMART ADVICE > SMART TECHNOLOGY > SMART SUPPORT 
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2nd Annual 


COMPUTERWORLD 


Find Real Solutions for Achieving 
Business Intelligence Success 


BUSINESS ahi oe TT Oe 
INTELLIGENCE 
PERSPECTIVES 


Got an award-worthy 
business intelligence 
project? 

Submit it for consideration 
by August 12th! 


IN BUSINESS INTELLIGENCE 


NEN ohm ad tele r | 


Featured Speakers Include: 
JAMES A. BELL 


General Manager, Operating Services 
Union Pacific Railroad 


JON FARRAR 
Vice President, Predictive Modeling 
Union Bank of California 


TONY FULLER 
Vice President & Chief Information Officer 
Rent-A-Center 


ANDY GEORGE 
Senior Vice President of Technology 


Profitline 
ROBERT GRAY 


» Vice President, Infrastructure Metrics 
Bank of America 


BRIAN HICKIE 
Vice President, Business Intelligence 
McKesson Corporation 


BARBARA KINDEL 
Vice President, IS Solutions Engineering 
Calpine 


STACY J. SMITH 
Vice President & Chief Information Officer 
Intel 


See solutions from companies including: 
g 


CONFERENCE UNDERWRITER 


The Leading Executive 
Conference for: 

* Business Intelligence Applications 
* Performance Management 

* Risk Management 

* Analytic Technologies 

* Data Warehousing and Mining 

* CRM and ERP 

* Regulatory IT 

* Best Practices in Bl 


To register or for more information, 
visit www.biperspectives.com/cw 
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As far as business models go, ours is pretty simple. 


At U.S. Celiular®, we treat our customers the way we want to be treated - with respect, appreciation and loyalty. We understand that in 
order to keep our customers, we must to do everything in our power to make their experience with us a rewarding one. 


The same holds true with our own associates. As an Information Systems or Engineering Professional with U.S. Cellular, you will discover 
a diversified group of skilled professionals who all share one thing in common: an uncompromising commitment to do whatever it takes to 
make the customer experience satisfying - and to enjoy a career experience just as rewarding. 


If you're looking to join an organization that cares as much about associate satisfaction as it does its customers’, take a good look at 
U.S. Cellular. To explore all of our current Information Systems and Engineering positions, please visit: www.uscellular.com today. EOE. 


4K US. Cellular 


We connect with you: 


www.uscellular.com 





IT|careers 


Even better for your career. 


| UnitedHealth Group is a company that’s going places, and the mainframes are critical to getting us | 
| there. We're expanding, growing and developing into a diverse organization destined to be the 
name in health and well being. In just the past year, we've acquired leading companies like Mid- 
Atlantic Medical Services (MAMSI), HomeCall, Definity Health, Oxford Health....just to name a few 
Our growth translates into your growth. 
| 
| Right now, our Computer Data Center has multiple openings in Hartford, CT and Minneapolis, MN 
| for MAINFRAME IT professionals in the following areas 


¢ CICS Systems Programmers (Req # 141047) 
* 2/OS Consultant Leads (Req # 141053) 
¢ Mainframe DB2/IMS DBA (Req # 141718) 
¢ Mainframe Storage Architects (Req # 141105) 
¢ IMS Systems Programmers (Req # 141045) 
* DB2 Systems Programmers (Req # 141046) 
* Endevor Administrator (Req # 138859) 


Here the environment is fast. Projects are diverse. Managers 
are highly visible and approachable. Mainframes play a key role 
in our application hosting operations. Basically, you'll be 
| Surrounded by the best technology, people and resources the 
industry has to offer. That's why at UnitedHealth Group, our 
motto is: 
Healthy Business. A Rare Combination. 
The next step? Apply on line at: 
www.unitedhealthgroup.com/careers 


a healthier atmosphere; An equal opportunity employer. M/F/D/V. 


| Great for your portfolio. 


UnitedHealth Group | 





CME, the largest and most diversified 
financial exchange in the world for 
trading futures and options on futures, 
is proud to\ be‘acknowledged in 
Computerworld's'100 Best Places 
to Work in IT for 2005. 


We are currently seeking experienced 
technology professionals to join our dynamic team: 


Senior QA Analyst 
Unix/Linux Administrator 
Senior Java/J2EE Programmer Analyst 
Lead Network Engineer 


Review detailed position descriptions, 
explore additional career opportunities and apply online at: 


cme @ 


Chicago Mercantile Exchange 
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Equal Opportunity Employer 


We have multiple openings for the following positions to work at 
client sites throughout the United States. Send Resumes to: Webilent 
Technology Inc, 259 A Main St. Suite #5 Nashua, NH 03060 


Senior Java Software Engineer - Provide software expertise and lead the 
team which maintains and develops improved interfaces for new and 
existing mission critical applications. Oversee the design and develop- 
ment of software applications using Java, JDBC, J2EE, JSP, Struts, Web- 
sphere, Weblogic, Tomcat and XML. Perform object oriented methodolo- 
gies and problem diagnosis. Ensure nrnie~* ‘= completed in timely man- 
ner 


Senior Oracle Software Engineer - Design, develop and customize 
Oracle Applications using Oracle Forms, Reports, Stored Procedures and 
PL/SQL. Solve system issues. Provide design recommendations to assist 
in generating requirements and improving performance and reliability of 
existing and new software. Lead a team of programmers to implement the 
application. 


Senior Software Engineer - Interpret requirements and generate software 
design specifications. Carry our effort estimation for new development 
Implement software modules in C/C++ or Java. Conduct code and docu- 
ment reviews. Perform unit testing of software modules. Develop simula- 
tion and test tools. Support system integration and field integration. Main- 
tain and support existing software modules and provide technical guid- 
ance to team members 


Lead Database Administrator - Manage a number of databases for devel- 
opment, test and production environments. Resolve problems and per- 
form peer-review of SQL/PL SQL for best practices will be undertaken as 
projects move through the development lifecycle 


Senior Mainframe Software Engineer - Analyze the business needs, pre- 
pare the technical specifications and test the application using COBOL, 
VSAM, CICS, DB2, Fileaid, and MVS/ESA. Work on performance effi- 
ciency, troubleshooting, and production support. Lead a team of pro 
grammers to implement the application. 


Senior QA Software Engineer - Analyze, design, develop and prepare the: 
test scripts for the business applications in collaboration with Systems 
Engineer requirements and design process. Will work with testing tools 
Winrunner, QTP, and Test Director on Windows NT/Windows 2000/Unix 
Operating Systems. Will lead a team of testers to implement the applica- 
tion 


Senior SAP Software Engineer - Perform configuration of WM, MM and 
TF technology implementation. Analyze SAP systems. Perform ABAP/4 
programming using WM, SD, Fi/CO PP modules. Perform validations and 
testing. Lead the development team and integration effort for the imple- 
mentation of contracts business processes in SAP R/3 sales and distrib- 
ution (SD). Propose technical solutions and ensure fit with Enterprise 
Architectural Guidelines 


Senior Unix Administrator - Oversee and perform Unix System adminis- 
tration, TCP/IP Network Administration, system: planning, clustering, per- 
formance tuning, application monitoring, hardware/software evaluation 
and shell scripting in Sun Solaris/HP-UX/AIX/Red Hat platforms. 


Sr. .Net Software Engineer - Design, develop and test software applica- 
tions using SQL Server, ASP.net, C#, VB.Net, XML and Crystal Reports. 
Perform troubleshooting, query optimization, testing and production sup- 
port. Lead a team of programmers to implement the application 
Participate in internal program reviews. Manage and mentor the develop- 
ment staff. Ensure development is completed according to policies and 
procedures 


Sr. SAP Business Analyst - Perform business process analysis, design- 
ing, business problem management and project implementations. Will 
work on implementation and Integration of Fi/CO, SD, HR, MM and other 
modules of SAP R/3. Integration of PP and MM with other SAP R/3 mod- 
ules SD, WM & FI/CO. 


Technical Lead: Verso Technolo- 
gies, Inc. seeks applications for 
the position of Technical Lead in 
the following areas: Network 


Software Engineer. Plan, des- 
ign, develop & implement cus- 
tomizations to Oracle Applica 
tions Suite in jewelry manufac- 


Engineering, Software Engin- 
eering, Quality Assurance. The 
Technical Lead-Network Engin- 
eering position involves analyz- 
ing and diagnosing problems. 
regarding telecommunication 
Voice Over Internet Protocol 
(VOIP) hardware and software. 
Requirements for the Technical 
Lead Network Engineering 
include a Master's degree or 
equivalent, two years of network 
engineering experience and 
working knowledge of Voice 
Over Packet Switching (VOPS) 
and VOIP technology and tele- 
phony signaling protocols. Tech- 
nical Lead-Software Engineer- 
ing position involves full life- 
cycle design and development 
of VOIP software including tele- 
phony and network telecommu- 
nications software applications 
for high availability systems 
Requirements include Master's 
Degree or equivalent, two years 
of software engineering experi- 
ence, and working knowledge of 
C/C++, VOIP software and tele- 
phony signaling protocols. Tech- 
nical Lead-Quality Assurance 
involves the testing of hardware 
and VOIP software for compli- 
ance with telecommunications 
protocols and product release 
feature requirements. Require- 
ments include a Master's De- 
gree or equivalent, two years of) 
quality assurance engineering 
experience and working knowl- 
edge of creating test specifica- 
tions from software product 
requirements and generation of 
test scripts for telephony and 
VOIP protocol validation product 
requirements. All positions are 
located in Littleton, Colorado 
Send resume by mail to Larry 
Schwartz, Verso Technologies, 
Inc., 1221 W. Mineral Avenue, 
Suite 100, Littleton, Colorado! 
80120. 
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turing & distribution operation 
performing gap analysis, custom 
development, configuration, im- 
plementation, migration & devel- 
opment of interface for many 
third party systems. BS, Compu- 
ter Science or Engineering; 5 yrs: 
progressively more responsible 
information technology exp 
including: Oracle Developer 6i 
PL/SQL, & Workflow; 1 year 
exp. Oracle Application Modul- 
es, including Order Manage- 
ment, Advanced Pricing, inven- 
tory, Purchasing & WIP. Exp 
may be obtained concurrently. 
Send resume to Stuller, Inc. 302 
Rue Louis XVI, Lafayette, LA 
70850. Must apply w/in 30 days 
& refer to job#25097 


Systems Administrator 
Metuchen, NJ 


Sunrise Systems a software 
consulting & development com- 
pany has multiple openings for 
experienced professionals to 
install/configure/support HP/Sun 
Solaris Servers, Brocade Swit- 
ches. Tune Kernel Parameters & 
Memory Cache. Install / main- 
tain Legato, Omni Backup, Veri- 
tas Netbackup, Veritas Clusters 
& MC Service Guard. Provide 
support of systems availability & 
implement Network Node Mana- 
ger, IT Openview, systems secu- 
rity measures & SOX implemen- 
tation. install HP Command 
View & Secure Manager. We 
offer competitive salaries & pro- 
fessional work environment. For 
immediate consideration send 
resume to. Sunrise Systems 
Inc., Attn.: HR - 21A, PO Box 
4647, Metuchen, NJ 08840 


Software Engineer. Plan, des- 
ign, develop & implement cus- 
tomizations to Oracle Applica- 
tions Suite in jewelry manufac- 
turing & distribution operation 
will perform gap analysis, cus- 
tom development, configuration, 
implementation, migration & 
development of interface for 
many third party systems. BS, 
Computer Science or Engineer- 
ing; 5 yrs progressively more 
responsible information technol- 
ogy exp., including: JAVA, JSP, 
Oracle Developer 6i, PL/SQL, & 
Workflow; 1 yr. exp. Oracle 
Application Modules, including 
Order Management, Advanced 
Pricing, Inventory, & Purchasing 
Experience may be obtained 
concurrently. Send resume to 
Stuller, Inc. 302 Rue Louis XVI 
Lafayette, LA 70850. Must apply 
wiin 30 days & refer to 
job#25096 


Software Engineer 
Develop SW solutions for China 
email address validation, daily 
email newsletter delivery to 
China, email db maintain, up- 
date, data process, web data 
analysis, & counter Internet fil- 
tering practice in China & sys- 
tem administration for Linux/ 
Windows servers. Job in Cary 
NC. Req: M.S. in CIS/CS, 1 yr. 
exp. Working knowledge in 
Written Mandarin. Skills in TCP/ 
IP, Perl, Java, C/C++, VB. 40 
hrs/wk. Resume/Ad to Dynamic 
Internet Technology, Box #240, 
2731 NC HWY. 55. Cary, NC 
27519. 


Programmer Analyst needed 
w/Bachelors or Foreign Equiva- 
lent in Engg. or Comp Scie. or 
Math & 1 yr exp to analyze 
design, develop, test & docu- 
ment application s/ware using 
Sybase ASE, MS SQL Server, 
Visual Source Safe, ASP. Net, 
Centura SQL Windows, ASP, 
Borland Code Wright, SAP, 
Siebel, Rumba, Test Director on 
Sun Solaris, Unix & Windows 
2000/xP. Mail res to 
Compuinfo, 22 Meridian Rd 
Suite #17, Edison, NJ 08820 
Job Location: Edison, NJ or in 
any unanticipated locations in 
US 


VOIP application en- 
gineers. B’Ham, AL. 
Req: MSEE & exp 
w/Cisco routers & 
Linux/Unix & voice 
over IP. US workers 
only: R Hoff, Compe- 
tent Staffing Resour- 
ces, 1415 Paradise 
Cove Lane, Wilson- 
ville, AL 35186. 


Computer & Information 
System Manager 


Plan, dir., rev. & mnge act 
involved in web architecture, 
application, DB design, 
development & implement 
Req: MS in CS, 2 yrs. related 
exp. skills in PHP, Perl, Py- 
thon, ASP, Javascript, CSS, 
Photoshop, Linux, MYSQL, 
Apache, MS SQL/Access/ 
Foxpro. 40hr/wk. Resume/Ad 
to HR of the Artist Group at 
8a lrongate Dr, Waldorf, MD 
20602. 
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Driving Innovation, Bringing Value, and Embracing Change 


Drive Your Career and 
Your Business Toward Success! 


Detroit, Michigan ¢ August 17 — 20, 2005 


Detroit Marriott at the Renaissance Center * Detroit, Ml 48243 (313) 568-8000 


Whether you want to checkout the 
latest technologies, find a new job, 
or market your business, the BDPA 
Conference is the place to be: 


* Leading-Edge Workshops 


and Seminars 


¢ Entrepreneur Focused 
Workshops and Events 


More than 40 exhibitors & 
recruiters from the nation's 
eading employers will be 
conducting on-site interviews. 
For maximum exposure, upload 
your resume today: 


www.bdpa.careers.monsier.com 


* Youth Technology Camp 
¢ BDPA IT Golf Classic 
* High Schoo! Computer 


Competition 


fee ee 


Visit: www.bdpa.org to register today! 
BDPA - 6301 hy Lane, Suite 700 - Greenbelt, MD 20770 
Phone: 301-220-2180 ~ Fax: 301-220-2185 - (B00) 727-BDPA 


BiRa Systems, located in 
Albuquerque, NM, seeks a 
Software Engineer. The po- 
sition requires a Masters 
Degree in Computer Sci- 
ence and knowledge of 
Complex Problem Solving, 
Programming and Technol- 
ogy Design. Fax resumes to: 
Phil Biswell, CEO at 505- 
888-0651 or mail resumes: 


company 
L.A, CA. B.S. 
Comp. Sci. Mail re- 
sume to HR at 4162 
Bandini Blvd., Los 
Angeles, CA 90023. 


WebFeat, Inc., located in Ojai, 
CA, seeks a Software Engin- 
eer for their location in 
Fairfax, VA. The position re- 
quires a Masters Degree in 
Computer Science and 1 year 
experience in Systems Analy- 
sis, Programming and Troub- 
leshooting. Fax resumes to 
Marge Ehmann, Office Man- 
ager at 516-908-4311 or mail 
resumes to: WebFeat, Inc., 
212 Del Norte Road, Ojai, CA 
93023, Attn: Marge Ehmann 


SAP Consultant, ABAP 
Progr, Design Engg 
(PDM/CAE), Embedded 
Systems, Plant Automa- 
tion & Progr Analysts 
needed for IT firm to 
work at various sites 
throughout US. BS, MS 
or equiv in CS, EE, 
Mech, Bus Adm, Finan- 
ce or related. Pls mail 
resume to HR, 33533 
West 12 Mile Rd, #131, 
Farmington Hills, Ml 
48331. 


ATTENTION: 


ees RS Ck 


Contact 
Danielie Tetreautt at: 
800-762-2977 
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Place your Labor 
Certification ads here! 


Are you frequently placing legal or immigration advertisements? 


Let us help you put together a cost effective 
this time-consuming task a little easier. 


program that will make 


it;careers 


IT PROFESSIONALS 


TAJ Technologies, Inc delivers 
Cutting-edge IT solutions to cli- 
ents nationwide. We are seeking 
fully qualified candidates for the 
following positions (multiple op- 
enings): Programmers to devel- 
op & write computer programs to 
store, locate & retrieve docu- 


ich, design, develop & test oper- 
ating systems-evel, compilers & 
network distribution for business 


involve use of one or more of the 
following: Ematrix, VC++, MFC, 
Sybase, Visual Studio.NET, C#, 
Tibco, Filenet, Linux, Java 
J2EE, JavaScript, SAS, Factory 
Works, HTML, XML, UML, Perl, 
C, C++, UNIX, Coldfusion, DB2/ 
SQL Server, Crystal Reports, 
Oracle, SQL Server. All positions 
require bachelor's (or foreign 
education equiv of same) in 
related field plus 1 yr relevant 
experience. Relocation to vari- 
ous client sites in U.S. as need- 
ed. Send resume & specify posi- 
tion you are seeking to: TAJ 
Technologies, inc., 1168 North- 
land Dr., Mendota Heights, MN 
55120 Attn: Bryan. EOE. 


Panex Consulting, Inc. d/b/a 
Panex KPIT is seeking a CIS 
Project Manager. Job location 
is Stafford, TX and various unan- 
ticipated locations. Individuals 
with Masters Degree in Manage- 
ment information Systems, 
Computer Science, Mathemat- 
ics, Business Administration, or| 
Engineering; and 2 years experi- 
ence as CIS Project Manager, 
please respond with resume to: 
10701 Corporate Drive, Suite 
380, Stafford, TX 77477, Attn Mr. 
Tarte. 


IT|\Careers 
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For over 20 years, Syntel employees across North America, Europe, and Asia 
have helped build advanced information technology systems for leading 
Fortune 500 companies and government organizations to improve their effi- 
ciency and competitiveness. Today, Syntel professionals are building 
rewarding careers by providing solutions in e-business, CRM, Web Design 
and Data Warehousing. Come discover why Syntel has been ranked one of 
“The 200 Best Small Companies in America” for the last four years in a row 


Due to our rapid growth, we have immediate, full-time opportunities for both 
entry-level and experienced individuals in the following positions: 


Business Development/Account Specialist 
Manage Sales activities and achieve sales quota for assigned territory. Help 
Syntel’s sales leadership in planning and rolling out an inside sales strategy. 


Project Leaders/Managers 

Train and manage programmer analysts on installation and configuration of 
hardware and software application, as well as be responsible for project 
planning an quality assurance. 


Programmers/Analysts 
Analyze, design, develop, test, and maintain relational database 
management systems. 


The above-mentioned positions should possess any 
of the following skills: 


Mainframe 
* IMS DM/DC or DB2, MVS/ESA, 
COBOL, CICS 


DBA 
* ORACLE OR SYBASE ° DB2 


Client-Server/WEB 

* Ab-initio 

© Websphere 

* Com/Dcom 

© Web Architects 

¢ Datawarehousing 

* Informix, C or UNIX ° WinNT 

* Oracle Developer or Designer * Sybase, Access or SOL server 
2000 © PeopleSoft 

e JAVA, HTML, Active X * Visual Basic 

® Web Commerce © PowerBuilder 

* SAP/R3, ABAP/4 or FICO or MM ° IEF 
&SD 


* Focus, IDMS OR SAS 


* Oracle Applications & Tools 

© Lotus Notes Developer 

¢ UNIX System Administrator 

© UNIX, C, C++, Visual C++, 
CORBA, OOD or OOPS 


Some positions require a Bachelor's degree, others a Master's degree. We 
also accept the equivalent of the degree in education and experience. 

With Syntel (NASDAQ: SYNT, you'll enjoy excellent compensation, full ben- 
efits, employee stock purchase plan and more. Please forward your resume 
and salary requirements to: Syntel, Inc., Attn: Recruiting Manager-LD07, 525 
E. Big Beaver, Suite 300, Troy, Ml 48083. Phone: 248-619-2800; Fax: 248- 
619-2888; Equal Opportunity Employer. 


SYN Tet 
www.syntelinc.com 
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THE CARLYLE GROUP 

THE DOW CHEMICAL CO. 

THE GUARDIAN LIFE INSURANCE 
COMPANY OF AMERICA 

THE INSTITUTE OF INTERNAL 
AUDITORS . 

THE SOUTHERN CO. 

THE YANKEE GROUP 
THOMSON LEARNING. 

TIME WARNER CABLE INC. 
TIVOL! SOFTWARE. .. 
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UNIVERSITY OF NORTH CAROLINA 
HEALTH CARE SYSTEM 
UNIVERSITY OF PITTSBURGH 
MEDICAL CENTER 

US AIRWAYS GROUP INC. 
VERISIGN INC. 

VERIZON COMMUNICATIONS INC. 
VISA U.S.A INC. 

VONTU INC. 

WEBMETHODS INC. 

WEBSENSE INC. 

WEST VIRGINIA BUREAU OF 
EMPLOYMENT PROGRAMS 
WORLD WIDE WEB CONSORTIUM 
YOH STAFFING SOLUTIONS LTD. 
ZAPTHINK LLC 
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Mass. Set to Restart 911 Rollout After Tragedy 


BY MARC L. SONGINI 
HE state of Massa- 
chusetts is preparing 
to restart Verizon 
Communications 

Inc.’s $75 million implementa- 
tion of an updated 911 emer- 
gency system after a software 
glitch was linked to a delayed 
emergency response that ulti- 
mately ended in tragedy. 

The rollout to public safety 
operations statewide was halt- 
ed after the May 19 incident, 
when a 9il call in Hopkinton 
failed to display the caller’s 
address or telephone number 
for emergency personnel. 
That feature was a key part 
of the system. 

By the time Hopkinton po- 
lice and fire personnel located 
the caller’s house, the person 
requesting help was “unre- 


VENDORS and 
government 
agencies want 
improved loca- 
tion-tracking 


sponsive” and subsequently 
died, according to a statement 
by Thomas Irvin, Hopkinton’s 
police chief. 

The 911 system in question, 


called Vesta, was made by call 
center gear provider Plant 
Equipment Inc. in Temecula, 
Calif. The vendor referred all 
questions to Verizon, which 
was contracted by Massachu- 
setts to install the system. 

The state is installing the 
new system largely to take ad- 
vantage of its ability to display 
the location of cell phone 
callers. In this case, though, 
the 911 call was made from a 
land line. 

The glitch led Verizon and 
the Massachusetts Statewide 
Emergency Telecommunica- 
tions Board (SETB) to stop de- 
ploying the systems until the 
problem was fixed, a Verizon 


| spokesman said. 


Prior to the troubled May 19 
call, the system had been in- 
stalled in 14 so-called public- 


safety answering points in 
Massachusetts. All 14 systems, 
which have remained online, 
were expected to have re- 
ceived the software modifica- 
tion by July 22, according to 
the spokesman. 

Paul Fahey, executive di- 
rector of the SETB, said the 
agency will meet early next 
month to decide whether to re- 
sume the work of installing the 
rest of the 260 Vesta systems. 

According to an e-mail 
statement from Irvin, Hopkin- 
ton has resumed using the 
new system under a close 
watch by officials. The in- 
stalled systems were fixed as 
part of a maintenance agree- 
ment with Verizon. 

The Verizon spokesman 
said the updated 911 system in- 
cludes a redundancy feature 
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that enables users to retrieve 
information by other means if 
it’s not immediately displayed 
on their terminals. 

However, the spokesman 
said, “we do not know if the 
information for this particular 
call appeared on the backup 
systems. We don’t have any di- 
agnostic data from that call.” 

Irvin said he believes the 
redundant feature, if it was in 
place, was unavailable to users 
until after the fix was released. 

The Verizon spokesman 
claimed that the glitch affect- 
ed less than 1% of 911 calls 
placed through the Vesta sys- 
tems installed in Massachu- 
setts. @ 55714 


Florida's Miami-Dade County is set to roll 
out a new 911 system that promises closer 
links to other county applications: 


QuickLink 55735 
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Continued from page 1 


IT Wages 


but they didn’t all agree that 
increasing costs for offshore 
IT labor are a significant con- 
tributing factor. 

“I don’t feel that increases 
of offshore salaries are the 
driver; it’s more driven by lo- 
cal economies improving and 
fewer available resources,” 
said Denny Brown, CIO at Ari- 
zona Public Service Co. in 
Phoenix. After having frozen 
IT salaries for the past two 
years, the utility company is 
considering a moderate pay 
increase for some of its rough- 
ly 400 IT workers, Brown said. 

A report released last week 
by Foote Partners LLC, a New 
Canaan, Conn.-based market 
research firm, found that pay 
for noncertified and certified 
technical skills has risen 3.8% 
and 1.3%, respectively, through 
the first six months of this year. 

Pay raises this year have 
been particularly strong for 
people with skills in operating 
systems (up 8.2%), networking 





and internetworking (up 5.1%), 
and databases (up 4.3%), the 
report said. 

The results, which are based 
on a survey of 1,800 North 
American and European orga- 
nizations from April to July 1, 
suggest that the notion that 
lower-cost offshore outsourc- 
ing led to wage deflation for 
IT workers may have been 
overblown, said David Foote, 
president of Foote Partners. 

“There’s no doubt about the 
fact that offshoring is continu- 
ing to grow,” Foote said. But 
many organizations “have had 
less-than-ideal experiences” 
with offshore outsourcing and 
are concerned about the risks 
involved, he added. 


Supply and Demand 


Other factors contributing to 
the rise in domestic IT sal- 
aries include growth in corpo- 
rate IT project portfolios and 
additional capital available to 
compensate high-performing 
IT workers, said Foote. 
Offshore outsourcing con- 
sultancy neoIT Inc. has also 
tracked “moderate growth” in 








USS. IT salaries, said Eugene 
Kublanov, vice president of 
corporate development at the 
San Ramon, Calif.-based firm. 
But, he added, the higher 
salaries being paid to IT 
staffers in the U.S. are the 
result of increased demand, 





not rising offshore wages. 
“Even though salaries off- 
shore are rising significantly 
in some locations, the base 
from which they are rising still 
makes offshore resources 
quite attractive from a cost 
perspective,” said Kublanov. 


| IT Skills Bonus Pay 


Operating systems 
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Base: 1,800 North American and European employers 





SOURCE: FOOTE PARTNERS LLC, NEW CANAAN, CONN.; 2005 HOT TECHNICAL SKILLS & 
CERTIFICATIONS PAY INDEX, 89 NONCERTIFIED SKILLS FOR THE YEAR THAT ENDED JULY 1, 2005 








A lack of U.S. workers with 
“higher-value technical skills” 
is a more likely reason for the 
changes here, he said. 

A tighter job market is mak- 
ing it particularly tough for 
Harrah’s Entertainment Inc. to 
find experienced IT project 
managers, business systems 
analysts, data warehousing 
managers and other special- 
ists, said Tim Stanley, senior 
vice president and CIO at the 
Las Vegas-based gaming and 
hospitality company. Harrah’s 
is looking to fill 25 to 35 IT po- 
sitions, he said. 

Allan McLaughlin, senior 
vice president and chief tech- 
nology officer at LexisNexis 
Group, a research provider in 
Dayton, Ohio, said hiring re- 
quests for IT workers are get- 
ting more specific — another 
factor contributing to compe- 
tition for technical skills. 

LexisNexis has an increased 
need for networking special- 
ists and plans to expand its 
five-person IT security team 
to nine or 10 people over 
the next six months, said 
McLaughlin. @ 55722 
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WAKE UP AN:D 
EXPERIENCE 


THE FUTURE 
OF TECHNOLOGY 


SEPTEMBER 19 ~ 21, 2005 // HYATT HUNTINGTON BEACH // CALIFORNIA 


COME AND FEEL THE EXCITEMENT LEVEL RISE TO NEW HEIGHTS. 
Join today's most influential technology leaders for two days 

of ground-breaking presentations unveiling the innovative 
products destined to change the marketplace. Experience 
seventy hand-picked technologies before anyone else. DEMOfall 
2005 is your ticket to technology's future - where industry- 
shaping ideas turn into real business opportunities. 


DEMO conferences are highly regarded as the can't miss 
technology events of the year, launching exciting new products 
and generating millions of media impressions. Make connections 
with technology's A-list of product developers, corporate 
executives, venture backers, and analysts. Rub elbows with top 
business and trade journalists, representing outlets such as CNN, 
the Wall Street Journal, Forbes, New York Times, USA Today, 
Network World, and InfoWorld. This single event is guaranteed 
to shape your future with new information, useful contacts, and 


a renewed energy. 
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$178B of Baloney 


HE BREATHLESS HEADLINE on the press release reads: 

“$178 Billion in Employee Productivity Lost in the U.S. 

Annually Due to Internet Misuse.” Yow! It turns out that 

Websense, which sells software for monitoring and 

blocking what employees do on the Internet, claims that 
personal use of the Internet on company time is “draining employee 
output” to the tune of $5,000 per employee per year. 

Is that true? Of course not. It’s baloney. Never mind the bizarre 
methodology of Websense’s study, which includes guesstimates by 
IT managers to come up with that $178 billion number. 

Just ask yourself this: If they weren’t on the Web, would those 
workers actually produce more “employee output”? 


Nope. Not the vast majority of them, anyway. 
Instead of reading the news online, they’d be 
paging through a newspaper. Instead of check- 
ing personal e-mail or visiting travel or shop- 
ping sites, they’d be handling the same commu- 
nications and tasks on the phone or during 
stretched-out lunch breaks. They’d just be 
doing it less efficiently. 

Let’s face it: Employees who are focused on 
getting their work done don’t need some sort of 
electronic nanny to make sure they don’t wan- 
der off into the weeds. For them, the Internet 
isn’t a distraction — it’s a tool. 

And inveterate slackers who are focused on 
wasting time will do that regardless — whether 
it’s on the Internet or at the water cooler or 
walking around, coffee cup in hand. 

Management knows that. CEOs understand 
that personal Web use is just another perk. 

Heck, if CEOs actually believed they could 
boost productivity by $5,000 per employee, 
they'd slash Internet access tomorrow. Consid- 
er Hewlett-Packard, which is laying off 14,500 
workers in hopes of chopping $1 bil- 
lion in costs next year. Do you think 
CEO Mark Hurd wouldn’t cut Inter- 
net access to HP employees if he 
thought that would instantly gener- 
ate an extra $725 million for HP’s 
bottom line and increase the com- 
pany’s net income by 20%? 

Of course he would. And of course 
he won't. Because, of course, it won't. 

So who is this “$178 billion” 
baloney aimed at? Sad to say, it’s 
aimed at people in corporate IT. 

We're suckers for this sort of 
bunk. Maybe it’s because we’ve 





generated so many bogus ROI calculations our- 
selves. Or maybe it’s because we’re always try- 
ing to improve capacity utilization, which is 
much easier than increasing user productivity. 

But micromanaging machines can pay off. 
Micromanaging users never does. 

Besides, we’ve already got a full plate of real 
challenges tied to users and the Internet. In 
comparison, slapping in some nannyware and 
obsessing over what Web sites to block and 
when to tattle on offenders is easy and fun. 

On the other hand, developing a useful, acces- 
sible e-mail archive is hard. Figuring out how to 
track, log and preserve instant messages is even 
more difficult. But thanks to lawsuits and gov- 
ernment regulations, we need to do both. 

Spam isn’t getting easier to handle. Worms, 
viruses, Trojans and spyware are getting nasti- 
er. Intruders keep getting more professional. 
Unprotected home PCs that employees use to 
log into our networks remain a nightmare. Un- 
secured wireless access points — in the office 
or employees’ homes — are even worse. 

Those are all real problems with 
real potential costs. If we handle 
them wrong, they really can drain 
employee output. And they can cost 
a lot more than that in fines, lost 
business and corporate humiliation. 

So let’s forget the easy, simple- 
minded distractions. Save the nan- 
nyware for kids. Stay focused on 
helping to squeeze more real pro- 
ductivity out of the way employees 
use the Internet. 

And let self-inflated vendors 
slice their own baloney — all 
$178 billion of it. @ 55701 
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Share the goods: Looking for a vintage chrome bumper? An avocado green blender? You’ve come to the right place. 
J | 


More than 147 million buyers and sellefs have gathered together.to make eBay the world’s online marketplace 
and create a serious IT challenge. That's why eBay collaborated with Sunt sure unrivaled scalability and availabilit 


thanks to a next-generation architecture powered by java~ technology and running-on Sun Fire* servers. It helps 


eBay bring more goods to more people, faster. The engine is the masses. The network is the computer.” Share. 
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We’re inspired by the human side of data. Digital photography is more than just rey CMe eMSIG TATE at 
with Grandma. It’s sending giggles and gurgles to aunts and uncles. That's why Hitachi hard disk drives are 


the industry choice for digital cameras, and proud parents. From the smallest Microdrive to the largest SAN 


solution, Data Storage from Hitachi. 
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